CVE-2022-36539

HIGH

eigen&wijzer ouderapp < 1.1.22 - Authorization Bypass via ID Parameter Manipulation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-36539. PoCs published by Fopje.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2022-36539, an Insecure Direct Object Reference (IDOR) vulnerability in WeDayCare B.V Ouderapp before v1.1.22. It includes HTTP request/response examples and demonstrates how attackers can manipulate ID values to access unauthorized data.

Description

WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children.

Exploits (1)

nomisec WRITEUP 3 stars
by Fopje · poc
https://github.com/Fopje/CVE-2022-36539

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: WeDayCare B.V Ouderapp < v1.1.22
Auth required
Prerequisites: Authenticated access to the API · Proxy tool like Burp Suite to intercept/modify requests
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Product, Release Notes, Third Party Advisory x_refsource_misc
https://apps.apple.com/nl/app/eigen-wijzer-ouderapp/id1331059326
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Fopje/CVE-2022-36539

Scores

CVSS v3 7.5
EPSS 0.0118
EPSS Percentile 63.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-639
Status published
Products (1)
eigen\&wijzer_ouderapp_project/eigen\&wijzer_ouderapp < 1.1.22
Published Sep 07, 2022
Tracked Since Feb 18, 2026