Primakon Pi Portal Broken Object-Level Authorization Vulnerability

Vulnerability

A vulnerability exists in Primakon Pi Portal version 1.0.18 within API endpoints that retrieve object-specific or filtered data, such as user profiles and project records. These endpoints lack adequate server-side validation that the requesting user is authorized to access the requested data. The endpoints are therefore exploitable as an Insecure Direct Object Reference (IDOR): altering an ID parameter in a request returns another user's data. Additionally, omitting the filtering parameters returns unfiltered datasets containing sensitive personal and organizational information.
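The following is an added illustration of the broken object-level authorization (BOLA/IDOR) class described above; it is not Primakon code and assumes nothing about the portal's implementation. It places the vulnerable handler pattern (object id and data filter taken straight from the request) beside a hardened one in which the authorization scope is derived from the server-side session and enforced on every read, so that neither changing an id nor dropping a filter widens what a caller can see. The users, organizations and projects are constructed sample data.

```python
"""BOLA/IDOR: vulnerable versus hardened read handlers (added example, hypothetical data)."""
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed sample data: two organizations, three users, two projects.
USERS = {
    1: {"id": 1, "org": "acme", "role": "member", "email": "a@example.invalid"},
    2: {"id": 2, "org": "acme", "role": "admin", "email": "b@example.invalid"},
    3: {"id": 3, "org": "globex", "role": "member", "email": "c@example.invalid"},
}
PROJECTS = [
    {"id": 10, "org": "acme", "name": "acme-site"},
    {"id": 11, "org": "globex", "name": "globex-erp"},
]


class Forbidden(Exception):
    """Raised when the caller is not authorized for the requested object."""


@dataclass(frozen=True)
class Session:
    # Set by the server from the login session; never taken from request parameters.
    user_id: int


# --- Vulnerable pattern: the request alone decides which objects are returned ---

def get_profile_vulnerable(session: Session, requested_id: int) -> dict:
    # No ownership check: any authenticated caller can read any profile by id.
    return USERS[requested_id]


def list_projects_vulnerable(session: Session, org_filter: Optional[str]) -> List[dict]:
    # The client chooses the filter; omitting it returns every organization's data.
    if org_filter is None:
        return list(PROJECTS)
    return [p for p in PROJECTS if p["org"] == org_filter]


# --- Hardened pattern: scope comes from the session and is checked on every read ---

def _caller(session: Session) -> dict:
    return USERS[session.user_id]


def get_profile(session: Session, requested_id: int) -> dict:
    caller = _caller(session)
    target = USERS.get(requested_id)
    # A missing id gets the same error as a foreign one, so the response does not
    # reveal which ids exist.
    if target is None:
        raise Forbidden()
    is_self = target["id"] == caller["id"]
    is_org_admin = caller["role"] == "admin" and target["org"] == caller["org"]
    if not (is_self or is_org_admin):
        raise Forbidden()
    return target


def list_projects(session: Session, org_filter: Optional[str] = None) -> List[dict]:
    caller = _caller(session)
    # The organization scope is always the caller's own. A client-supplied filter
    # may only restate that scope; it can never widen it, and omitting it changes nothing.
    if org_filter is not None and org_filter != caller["org"]:
        raise Forbidden()
    return [p for p in PROJECTS if p["org"] == caller["org"]]


def is_forbidden(handler: Callable, *args) -> bool:
    """Return True if the handler rejects the call with Forbidden (used for checks)."""
    try:
        handler(*args)
    except Forbidden:
        return True
    return False
```

The point of the hardened version is that the object id and the filter are treated as untrusted selectors, while the authorization decision is made from the session-derived caller record on the server. An audit of an endpoint of this kind should confirm that every read path has such a check, not just the list view.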

Impact

Exploitation of this vulnerability results in unauthorized access to and exposure of sensitive data, including personal and organizational information, from other users.

Added: Nov 25, 2025, 7:18 PM
Updated: Nov 25, 2025, 10:32 PM

Vulnerability Rating

Custom Algorithm

Category         Score
spread           0.0
impact           1.3
exploitability   6.2
remediation      0.0
relevance        1.1
threat           0.0
urgency          2.9
incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.