Improper Authorization in blair2004/nexopos-4x
Sep 29th 2021
The customer export file can be downloaded without any authorization check.
Proof of Concept
- Access this link in a browser without logging in: http://v4.nexopos.com/export/customers-list.csv
- Observe that the customer list file downloads without logging in.
This vulnerability can expose customer information.
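A regression check for the behaviour reported above, added here as an example and not taken from the NexoPOS code base: it requests the export path with no session and reports whether the file is withheld. The local stub server, the sample CSV, the `session=` cookie test and the `/sign-in` redirect are assumptions made so the check runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

EXPORT_PATH = "/export/customers-list.csv"  # path named in the report
SAMPLE_CSV = b"id,name,email\n1,Test Customer,test@example.invalid\n"  # constructed

def export_requires_auth(host, port, path=EXPORT_PATH):
    """Anonymous GET (no cookie, no token); True if the export is withheld."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()  # http.client does not follow redirects
        status, ctype = resp.status, resp.getheader("Content-Type", "")
        resp.read()
    finally:
        conn.close()
    # Heuristic: a 2xx non-HTML answer means the file itself came back.
    # 401/403/404 and redirects to a login page count as withheld.
    return not (200 <= status < 300 and "text/html" not in ctype)

def make_stub(protected):
    """Hypothetical stand-in for the application, with or without a session check."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if protected and "session=" not in self.headers.get("Cookie", ""):
                self.send_response(302)
                self.send_header("Location", "/sign-in")  # assumed login path
                self.end_headers()
                return
            self.send_response(200)
            self.send_header("Content-Type", "text/csv")
            self.send_header("Content-Length", str(len(SAMPLE_CSV)))
            self.end_headers()
            self.wfile.write(SAMPLE_CSV)
        def log_message(self, *args):  # keep test output quiet
            pass
    return Handler

def check_stub(protected):
    """Start the stub on a free local port and run the anonymous check against it."""
    server = HTTPServer(("127.0.0.1", 0), make_stub(protected))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return export_requires_auth("127.0.0.1", server.server_port)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print("unprotected stub withheld:", check_stub(False))
    print("protected stub withheld:", check_stub(True))
```

Run against a deployment you operate, `export_requires_auth(host, port)` should return True once the export is placed behind the application's login.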