DinoRANK Missing Authorization Vulnerability Allowing Invoice Access

Vulnerability

A missing authorization vulnerability in DinoRANK, an SEO tool, allows attackers to access any user's invoices by exploiting an endpoint that lacks proper access controls. The PDF filenames can be discovered through open-source intelligence, unencrypted network traffic, or brute force methods.

Impact

Exploitation of this vulnerability allows unauthorized access to user invoices, potentially leading to exposure of sensitive financial information.

Remediation

The DinoRANK team has fixed this vulnerability in the latest version.
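
The advisory does not describe the fix itself. As an added example (not DinoRANK's code), the sketch below puts the flaw described above, where knowing the PDF filename is enough, beside a handler that ties each invoice to the authenticated account. The invoice store, session table, filenames and function names are hypothetical and constructed for illustration.

```python
# Constructed sample data: not DinoRANK's real schema, filenames or tokens.
INVOICES = {
    "invoice-2025-0001.pdf": {"owner": "alice", "pdf": b"%PDF-alice"},
    "invoice-2025-0002.pdf": {"owner": "bob", "pdf": b"%PDF-bob"},
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}  # session token -> account


def fetch_vulnerable(filename, session_token=None):
    """Missing authorization: the filename is the only thing checked."""
    invoice = INVOICES.get(filename)
    if invoice is None:
        return 404, b""
    # No lookup of who is asking, so any caller who learns or guesses
    # the filename receives the document.
    return 200, invoice["pdf"]


def fetch_hardened(filename, session_token=None):
    """Authenticate the caller, then authorize against the invoice owner."""
    account = SESSIONS.get(session_token)
    if account is None:
        return 401, b""  # no valid session: refuse before touching storage
    invoice = INVOICES.get(filename)
    # "Does not exist" and "belongs to someone else" return the same
    # status, so responses cannot be used to confirm valid filenames.
    if invoice is None or invoice["owner"] != account:
        return 404, b""
    return 200, invoice["pdf"]


if __name__ == "__main__":
    target = "invoice-2025-0002.pdf"  # bob's invoice
    for name, handler in (("vulnerable", fetch_vulnerable),
                          ("hardened", fetch_hardened)):
        for token in (None, "tok-alice", "tok-bob"):
            status, _ = handler(target, token)
            print(f"{name:10} token={token!s:10} -> {status}")
```

Making filenames long and random reduces guessing, but it does not replace the ownership check: the filename sources the advisory lists (open-source intelligence, unencrypted traffic) still expose them.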

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.