Improper Access Control in francoisjacquet/rosariosis
Valid
Reported on May 2nd 2022
Description
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Proof of Concept
Unauthorized actors can access critical pages directly.
Impact
Unauthorized actors can get critical information about the application.
We are processing your report and will contact the francoisjacquet/rosariosis team within 24 hours.
a month ago
We have contacted a member of the francoisjacquet/rosariosis team and are waiting to hear back
25 days ago
intrapus modified the report
24 days ago
Hello @intrapus
Thank you for your report. The fix will concern the diagnostic.php file only. For InstallDatabase.php, there is no information given except that the database is installed, which is obvious.
The researcher's credibility has increased: +7
François Jacquet has been awarded the fix bounty
diagnostic.php#L1-L257 has been validated
InstallDatabase.php#L1-L126 has been validated