CVE-2020-35577
N/A
N/A
Summary
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://www.endalia.com/en/software/
- https://github.com/blackarrowsec/advisories/tree/master/2020/CVE-2020-35577
References
- https://www.endalia.com/en/software/
- https://github.com/blackarrowsec/advisories/tree/master/2020/CVE-2020-35577
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.