Primary

Context

Sistemas Pleno Gestão de Locação Insecure Direct Object Reference Vulnerability

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in Sistemas Pleno Gestão de Locação, affecting versions prior to 2025.8.0. This vulnerability allows unauthorized access to user data by manipulating identifiers in API requests. The issue resides in the CPF Handler component, specifically within the 'validarCpf' endpoint.

Impact

Exploitation of this vulnerability allows unauthorized users to access or modify personal data, contracts, and support tickets belonging to other users.

Reproduction

The vulnerability can be reproduced by sending requests to the 'validarCpf' endpoint with manipulated CPF numbers. This can be done using a tool like Burp Suite to intercept and modify the request. Additionally, personal information of other users can be accessed by changing the user ID in the request URL.

Remediation

Users are advised to upgrade to Sistemas Pleno Gestão de Locação version 2025.8.0 or later.

Added: Sep 25, 2025, 1:17 PM

Updated: Sep 25, 2025, 2:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

7.7

relevance

0.5

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

7.7

relevance

0.5

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Sistemas Pleno Gestão de Locação Insecure Direct Object Reference Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating