Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
nafisulbari/itsourcecode Insurance Management System Payment editPayment.php access control
Vulnerability Description
A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPayment.php of the component Payment Handler. The manipulation of the argument recipt_no leads to improper access controls. The attack may be launched remotely. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
访问控制不恰当
Vulnerability Title
Insurance Management System 访问控制错误漏洞
Vulnerability Description
Insurance Management System是Angel Jude Reyes Suarez个人开发者的一个保险管理系统。 Insurance Management System 1.0版本存在访问控制错误漏洞,该漏洞源于组件付款处理程序文件editPayment.php对参数recipt_no的操纵会导致访问控制不当。
CVSS Information
N/A
Vulnerability Type
N/A