Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Priority - Priority web Insecure direct object references (IDOR)
Vulnerability Description
this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site" then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the links, he will get an answer that he is not authorized because he needs to log in with credentials. after he performed log in to the system there are some functionalities that the specific user is not allowed to perform because he was configured with low privileges however all the attacker need to do in order to achieve his goals is to change the value of the prog step parameter from 0 to 1 or more and then the attacker could access to some of the functionality the web application that he couldn't perform it before the parameter changed.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
Priority Software Priority 安全漏洞
Vulnerability Description
Priority Software Priority是以色列Priority Software公司的一种 ERP 解决方案。 Priority Software Priority 存在安全漏洞。攻击者利用该漏洞可以访问 Web 应用程序在参数更改之前无法执行的某些功能。
CVSS Information
N/A
Vulnerability Type
N/A