Statping-ng Sensitive Information Disclosure Vulnerability

A vulnerability in Statping-ng version 0.91.0 allows unauthorized access to sensitive information through a crafted request to the command execution function. This issue enables low-privileged users to bypass authorization checks and access restricted API endpoints, including '/api/users', '/api/oauth', '/api/notifier/amazon_sns', and '/api/settings/export'. As a result, attackers can obtain sensitive user data and configuration information.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive user data and application configuration.