Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MyFinances Allows Unauthorized Access to Other Customer Data
Vulnerability Description
MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
MyFinances 安全漏洞
Vulnerability Description
MyFinances是TreyWW开源的一个开源的网络应用程序。旨在使个人和团队能够有效地管理他们的财务。 MyFinances 0.4.6之前版本存在安全漏洞,该漏洞源于有一种方法可以在以用户身份登录时访问其他客户发票。
CVSS Information
N/A
Vulnerability Type
N/A