Description

An issue in the API endpoint /AccountMaster/GetCurrentUserInfo of INROAD before v202402060 allows attackers to access sensitive information via a crafted payload to the UserNameOrPhoneNumber parameter.

Related CPE's

Could not find any relations

References

https://hithub.notion.site/Sensitive-Information-Disclosure-in-GongZhiDao-System-aaad25d2430f4a638d462194cfa87c8b

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-922

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

5.9 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Awaiting analysis

Published

2024-09-30T16:15:06.140Z

1 year ago

Last modified

2024-11-14T19:35:33.310Z

1 year ago