perfact::mpa Insecure Direct Object Reference
Posted by deepcore on March 2, 2016 – 8:02 pm
The SySS GmbH found out that different resources of the web application perfact::mpa can be directly accessed by the correct URL due to improper user authorization checks. That is, unauthorized users can access different functions of the perfact::mpa web application.
Post a reply
You must be logged in to post a comment.