Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Whisper Money has IDOR Vulnerability on sync/balances endpoint
Vulnerability Description
Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue.
CVSS Information
N/A
Vulnerability Type
对错误会话暴露数据元素
Vulnerability Title
Whisper Money 安全漏洞
Vulnerability Description
Whisper Money是Whisper Money开源的一个个人理财应用程序。 Whisper Money 0.1.5之前版本存在安全漏洞,该漏洞源于不安全的直接对象引用,可能导致用户更新或创建其他用户的银行账户余额。
CVSS Information
N/A
Vulnerability Type
N/A