Improper Access Control in francoisjacquet/rosariosis
May 2nd 2022
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Proof of Concept
Unauthorized actors can access critical pages directly.
Unauthorized actors can get critical information about the application.
We are processing your report and will contact the francoisjacquet/rosariosis team within 24 hours. a year ago
We have contacted a member of the francoisjacquet/rosariosis team and are waiting to hear back a year ago
François Jacquet commented a year ago
Thank you for your report. The fix will concern the diagnostic.php file only. For InstallDatabase.php, there is no information given except that the database is installed, which is obvious.
François Jacquet validated this vulnerability a year ago
intrapus has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
François Jacquet marked this as fixed in 9.0 with commit 97927f a year ago
This vulnerability will not receive a CVE