Improper Access Control in francoisjacquet/rosariosis
Valid
Reported on May 2nd 2022
Description
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Proof of Concept
Unauthorized actors can access critical pages directly.
Impact
Unauthorized actors can get critical information about the application.
We are processing your report and will contact the francoisjacquet/rosariosis team within 24 hours.
a year ago
We have contacted a member of the francoisjacquet/rosariosis team and are waiting to hear back
a year ago
intrapus modified the report
a year ago
Hello @intrapus
Thank you for your report. The fix will concern the diagnostic.php file only. For InstallDatabase.php, there is no information given except that the database is installed, which is obvious.
The researcher's credibility has increased: +7
diagnostic.php#L1-L257 has been validated
InstallDatabase.php#L1-L126 has been validated