CVE-2023-36238: Authorization Bypass Through User-Controlled Key in Bagisto

Severity
6.5 MEDIUM (NVD)
EPSS
0.1% (top 64.49%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Mar 13, 2024

Description

An Insecure Direct Object Reference (IDOR) in Bagisto v1.5.1 allows an attacker to obtain sensitive information by supplying another customer's invoice ID in the invoice ID parameter. The CVSS vector rates the flaw as requiring only a low-privileged account (PR:L), so any authenticated customer is positioned to request invoices that are not theirs.
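The pattern behind this advisory, as an added example that is not Bagisto's code: a customer-facing invoice lookup keyed only on the user-controlled ID, beside the same handler with object-level authorization, plus the enumeration a customer would run against each. Invoice numbers, customer IDs, the in-memory store and the handler names are all constructed for the illustration.

```python
# Added example, not Bagisto's code: a minimal model of the IDOR pattern
# behind this advisory. Invoice numbers, customer IDs and handler names are
# constructed for the illustration.
from dataclasses import dataclass
from typing import Callable, Iterable, List


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    customer_id: int   # owner of the invoice
    total: str


# Constructed sample data: two customers, one invoice each, sequential IDs.
INVOICES = {
    101: Invoice(invoice_id=101, customer_id=1, total="49.90"),
    102: Invoice(invoice_id=102, customer_id=2, total="1299.00"),
}


class NotFound(Exception):
    """Raised for an invoice the caller may not see (missing or not theirs)."""


Handler = Callable[[int, int], Invoice]


def get_invoice_vulnerable(current_customer_id: int, invoice_id: int) -> Invoice:
    """IDOR: the lookup is keyed only on the user-controlled ID.

    The caller's identity is available but never compared against the
    record's owner, so any authenticated customer can read any invoice.
    """
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id) from None


def get_invoice_fixed(current_customer_id: int, invoice_id: int) -> Invoice:
    """Object-level authorization: scope the lookup to the caller's own records.

    'Missing' and 'not yours' produce the same error so the endpoint does not
    confirm which invoice IDs exist.
    """
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.customer_id != current_customer_id:
        raise NotFound(invoice_id)
    return invoice


def readable_invoices(handler: Handler, customer_id: int,
                      candidate_ids: Iterable[int]) -> List[int]:
    """Enumerate a range of IDs as a customer would and return the ones served.

    With sequential invoice numbers this is the whole attack: walk the ID
    space and collect every record the handler hands back.
    """
    served = []
    for invoice_id in candidate_ids:
        try:
            handler(customer_id, invoice_id)
        except NotFound:
            continue
        served.append(invoice_id)
    return served


if __name__ == "__main__":
    for name, handler in (("vulnerable", get_invoice_vulnerable),
                          ("fixed", get_invoice_fixed)):
        print(name, "customer 1 can read:",
              readable_invoices(handler, 1, range(100, 105)))
```

Run as customer 1, the vulnerable handler serves invoices 101 and 102 while the fixed one serves only 101. In a Laravel-based application such as Bagisto the equivalent fix is to constrain the query to the authenticated customer's own invoices rather than fetching by primary key alone; the exact helper or relationship to use depends on the application's models, which this example does not reproduce.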

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (Exploitability: 2.8 | Impact: 3.6)

Read out: reachable over the network, low attack complexity, a low-privileged account required, no user interaction, scope unchanged, high confidentiality impact with no integrity or availability impact. That matches the description: an authenticated customer reads other customers' invoices but cannot alter them.

Affected Packages (2 packages)

Packagist: bagisto/bagisto < 1.3.2
NVD: webkul/bagisto 1.5.1

Note that the two sources disagree on the affected range: the Packagist entry lists versions below 1.3.2, while the NVD product entry and the description name 1.5.1. Check the GHSA advisory and the vendor's release notes before concluding that a given deployment is unaffected.

Vulnerability Details (3 references)

OSV: Bagisto vulnerable to Insecure Direct Object Reference (IDOR) (2024-03-13)
CVEList: CVE-2023-36238: Insecure Direct Object Reference (IDOR) in Bagisto v (2024-03-13)
GHSA: Bagisto vulnerable to Insecure Direct Object Reference (IDOR) (2024-03-13)
CVE-2023-36238 — Bagisto vulnerability | cvebase