Description
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by this parameter. This allows direct access to other users' data or internal resources without proper permission. Successful exploitation of this flaw may result in the exposure of sensitive information.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://medium.com/@r3dd1t/pedindo-um-lanche-e-possivelemnte-descobrindo-uma-cve-9930b0114e3f
Scores
CVSS v3
9.8
EPSS
0.0034
EPSS Percentile
56.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-639
Status
published
Products (1)
system_pdv_project/system_pdv
1.0
Published
Aug 25, 2025
Tracked Since
Feb 18, 2026