Roncoo Roncoo-Pay Improper Authentication Vulnerability

Vulnerability

A vulnerability exists in Roncoo Roncoo-Pay versions up to 9428382af21cd5568319eae7429b7e1d0332ff40, in an unknown function of the file '/user/info/list'. The flaw is an improper authentication weakness that allows unauthorized access to user information. It can be exploited remotely and requires no authentication.

Impact

Exploitation of this vulnerability bypasses authentication mechanisms, allowing unauthorized users to access functionalities or information that should be restricted.

Reproduction

To reproduce this vulnerability, send a GET or POST request to the '/user/info/list' endpoint without any authentication or authorization. The request will be processed, and access to the user list functionality will be granted, demonstrating the improper authentication flaw.

Added: Sep 12, 2025, 5:17 AM
Updated: Sep 12, 2025, 5:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.