Trey

1 exploit Active since Jun 2024
CVE-2024-37889 WRITEUP MEDIUM WRITEUP
myfinances < 0.4.6 - Authorization Bypass via User-Controlled Key
MyFinances is a web application for managing finances. MyFinances has a way to access other customer invoices while signed in as a user. This method allows an actor to access PII and financial information from another account. The vulnerability is fixed in 0.4.6.
CVSS 6.5