Vulnerabilities > CVE-2022-27247 - Authorization Bypass Through User-Controlled Key vulnerability in Cdsoft Winhotel.Mx 2021

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cdsoft

CWE-639

NVD

Published: 2022-05-13

Updated: 2022-05-24

Summary

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.

Vulnerable Configurations

Part	Description	Count
Application	Cdsoft Cdsoft Winhotel.Mx 2021	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://myses.de/#about
https://myses.de/pdf/CVE2022-27247.pdf