CVE-2021-34369

MEDIUM

Accela Civic Platform <20.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-34369. PoCs published by Abdulazeez Alaseeri.

AI-analyzed exploit summary: This exploit demonstrates an Insecure Direct Object Reference (IDOR) vulnerability in Accela Civic Platform <= 21.1. By manipulating the 'contactSeqNumber' parameter, an authenticated attacker can access other users' data.

Description

portlets/contact/ref/refContactDetail.do in Accela Civic Platform through 20.1 allows remote attackers to obtain sensitive information via a modified contactSeqNumber value. NOTE: the vendor states "the information that is being queried is authorized for an authenticated user of that application, so we consider this not applicable."

Exploits (1)

exploitdb WORKING POC
by Abdulazeez Alaseeri · text · webapps · multiple
https://www.exploit-db.com/exploits/49991

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Accela Civic Platform <= 21.1
Auth required
Prerequisites: Authenticated session · Valid JSESSIONID and other cookies
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 6.5
EPSS: 0.0824
EPSS Percentile: 94.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status: published
Products (1): accela/civic_platform < 20.1
Published: Jun 09, 2021
Tracked Since: Feb 18, 2026