We found results for “”
WS-2022-0353
Date: September 19, 2022
User can get details of the comments that were deleted in yetiforcecompany/yetiforcecrm. When a user creates a new record he can add a comment on it. The user is also able to delete the comments after which the user wont be having access to that comment like replying, checking what the comment was. This vulnerability allows any user to see what the deleted comment was and also to reply on that comment.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Execution with Unnecessary Privileges
CWE-250CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |