Unauthenticated Access to Users PII in microweber/microweber
Mar 21st 2023
An unauthorized/unauthenticated attacker can access the PII data of all users.
Some of the PII leaked are:
Proof of Concept
It shows you details of all the users
This also works on the demo site
An attacker can access the PII data.
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Peter Ivanov validated this vulnerability 2 months ago
Garth Humphreys has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Peter Ivanov marked this as fixed in 1.3.4 with commit b0644c 2 months ago
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Apr 22nd 2023
commented 2 months ago
Thank you for validating the issue.