CVE-2022-27247

MEDIUM

Cdsoft Winhotel.mx - IDOR

Title source: rule
STIX 2.1

Description

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://myses.de/#about
Exploit, Third Party Advisory x_refsource_misc
https://myses.de/pdf/CVE2022-27247.pdf

Scores

CVSS v3 5.3
EPSS 0.0021
EPSS Percentile 43.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-639
Status published
Products (1)
cdsoft/winhotel.mx 2021
Published May 13, 2022
Tracked Since Feb 18, 2026