layno

1 exploit Active since Feb 2021
CVE-2020-16194 WRITEUP MEDIUM WRITEUP
Opart Devis < 4.0.2 - Unauthenticated Insecure Direct Object Reference via Delivery and Invoice Address Fields
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.
CVSS 5.3