Agenzia Impresa Eccobook Insecure Direct Object Reference Vulnerability Allowing Unauthorized Document Access
Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the PdfHandler component of Agenzia Impresa Eccobook, affecting versions through 2.81.1. It allows unauthenticated attackers to access confidential documents by manipulating the DocumentoId parameter, an incrementing integer associated with each uploaded document, so the handler serves a document based solely on the supplied ID without verifying that the requester is authorized to view it.
Impact
Exploitation of this vulnerability could lead to unauthorized access to confidential documents.
Reproduction
To reproduce this vulnerability, access the PdfHandler.ashx endpoint and include a guessable DocumentoId parameter. The IDs can be brute-forced, as they increment with each document upload. This can be done manually or with an automated script.
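As an added defender-side example (not part of the advisory and not Eccobook code), the following Python flags clients whose successful requests to PdfHandler.ashx walk consecutive DocumentoId values, the access pattern this issue produces in a web-server log; the log lines, IP addresses and document IDs are constructed for illustration, and the combined-log format is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (hypothetical IPs and IDs, not from the advisory).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /PdfHandler.ashx?DocumentoId=1041 HTTP/1.1" 200 51230
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /PdfHandler.ashx?DocumentoId=1042 HTTP/1.1" 200 48811
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /PdfHandler.ashx?DocumentoId=1043 HTTP/1.1" 200 60023
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /PdfHandler.ashx?DocumentoId=1044 HTTP/1.1" 200 33019
10.0.0.9 - - [01/Jan/2024:10:05:00 +0000] "GET /PdfHandler.ashx?DocumentoId=2210 HTTP/1.1" 200 12000
10.0.0.9 - - [01/Jan/2024:10:20:00 +0000] "GET /PdfHandler.ashx?DocumentoId=2987 HTTP/1.1" 200 9000
"""

# Combined-log layout: client, ident, user, [timestamp], "METHOD target proto", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def extract_document_requests(log_text):
    """Return (client_ip, DocumentoId, status) for every PdfHandler.ashx request."""
    out = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parsed = urlparse(m.group("target"))
        if not parsed.path.lower().endswith("/pdfhandler.ashx"):
            continue
        ids = parse_qs(parsed.query).get("DocumentoId")
        if not ids or not ids[0].isdigit():
            continue
        out.append((m.group("ip"), int(ids[0]), int(m.group("status"))))
    return out

def find_enumeration(requests, min_run=3):
    """Map client IP -> longest run of consecutive DocumentoId values that were served (HTTP 200)."""
    by_ip = defaultdict(list)
    for ip, doc_id, status in requests:
        if status == 200:
            by_ip[ip].append(doc_id)
    flagged = {}
    for ip, ids in by_ip.items():
        run = best = 1
        for prev, cur in zip(ids, ids[1:]):
            run = run + 1 if cur == prev + 1 else 1
            best = max(best, run)
        if best >= min_run:
            flagged[ip] = best
    return flagged
```

Against the sample, only the first client is flagged; on a patched deployment the same query should also be checked for 200 responses to requests that carried no session, since that is the condition the advisory describes.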
