Viafirma Inbox
- < 4.5.27
An Insecure Direct Object Reference (IDOR) vulnerability exists in Viafirma Inbox version 4.5.13. This vulnerability allows any authenticated user, regardless of privileges, to list all users and access and modify their data. Exploiting this flaw enables the modification of user email addresses, which can then be used with the password recovery feature to impersonate any user, including those with administrative rights.
Exploitation of this vulnerability could lead to unauthorized access to user accounts, including those of administrators, by allowing an attacker to impersonate other users after modifying their email addresses and using the password recovery function.
Users can upgrade to Viafirma Inbox version 4.5.27 to address this vulnerability.
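For installations that ran an affected version, the email-change-then-password-recovery chain described above can be hunted in audit data. The following is an added example, not code from this advisory or from Viafirma; the event schema, field names and role values are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed audit events in a hypothetical schema (not Viafirma Inbox's log format).
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:00", "action": "email_change",
     "actor": "u17", "actor_role": "user", "target": "u17"},
    {"ts": "2024-05-01T10:05:00", "action": "email_change",
     "actor": "u17", "actor_role": "user", "target": "admin1"},
    {"ts": "2024-05-01T10:07:00", "action": "password_reset_request",
     "actor": None, "actor_role": None, "target": "admin1"},
    {"ts": "2024-05-01T11:00:00", "action": "email_change",
     "actor": "admin1", "actor_role": "admin", "target": "u42"},
    {"ts": "2024-05-01T12:00:00", "action": "email_change",
     "actor": "u23", "actor_role": "user", "target": "u99"},
    {"ts": "2024-05-02T12:30:00", "action": "password_reset_request",
     "actor": None, "actor_role": None, "target": "u99"},
]


def find_cross_account_email_changes(events, window=timedelta(hours=1)):
    """Flag email changes made by a non-admin on someone else's account.

    Severity is "high" when a password reset for the same target follows
    within `window`, which matches the takeover chain in the advisory.
    """
    ordered = sorted(events, key=lambda e: e["ts"])  # ISO 8601 sorts chronologically
    findings = []
    for i, ev in enumerate(ordered):
        if ev["action"] != "email_change":
            continue
        # Self-service changes and changes by admins are expected behaviour.
        if ev["actor"] == ev["target"] or ev.get("actor_role") == "admin":
            continue
        changed_at = datetime.fromisoformat(ev["ts"])
        reset_followed = any(
            later["action"] == "password_reset_request"
            and later["target"] == ev["target"]
            and datetime.fromisoformat(later["ts"]) - changed_at <= window
            for later in ordered[i + 1:]
        )
        findings.append({
            "ts": ev["ts"],
            "actor": ev["actor"],
            "target": ev["target"],
            "severity": "high" if reset_followed else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_cross_account_email_changes(SAMPLE_EVENTS):
        print(finding)
```

Any "medium" finding is still an authorization failure worth investigating, since a non-admin should never be able to change another user's email address.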