CVE-2023-38872
Published 2023-09-28
Priority P4 · 18 · low · 3.7 (CVSS 3.1)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.60% (44.2th percentile)
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| economizzer | economizzer | — | — |
| economizzer | economizzer | — | — |
| gugoan | economizzer | 0 – 0.9-beta1 | — |
OSV
Economizzer Insecure Direct Object Reference vulnerability
osv·2023-09-28
CVE-2023-38872 [LOW] Economizzer Insecure Direct Object Reference vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.
GHSA
Economizzer Insecure Direct Object Reference vulnerability
ghsa·2023-09-28
CVE-2023-38872 [LOW] CWE-639 Economizzer Insecure Direct Object Reference vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-09-28
Published