Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
IDOR vulnerability in Janto Ticketing Software
Vulnerability Description
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain a user's event ticket by creating a specific request with the ticket reference ID, leading to the exposure of sensitive user data.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Janto Ticketing 安全漏洞
Vulnerability Description
Janto Ticketing是Janto公司的一个票务软件。 Janto Ticketing 4.3r10版本存在安全漏洞,该漏洞源于允许远程用户通过使用票证参考 ID 创建特定请求来获取用户的事件票证,从而导致敏感用户数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A