Das Parking Management System Sensitive Data Exposure Vulnerability

Vulnerability

A sensitive data exposure vulnerability has been identified in Das Parking Management System version 6.2.0. The issue arises from an unknown function in the file '/Operator/FindAll', which allows unauthorized access to sensitive user information. This vulnerability can be exploited remotely without authentication, posing a significant security risk as it enables the retrieval of all user account credentials, which can be decrypted for direct login access.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive user data, specifically account credentials, which can be decrypted and used for login.

Reproduction

The vulnerability can be reproduced by sending a POST request to the '/Operator/FindAll' endpoint. This request can be made without authentication and will return sensitive user data, including account credentials.
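A log check for the request described under Reproduction, as an added example that is not part of the original advisory: it scans combined-format access-log lines for successful POST requests to '/Operator/FindAll' that originate outside a management network. The trusted network, the case-insensitive route matching, and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Combined Log Format: ip ident user [time] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
ENDPOINT = "/operator/findall"  # path from the advisory, lowercased for comparison
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumption: operator LAN

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname or garbage in the client field: treat as untrusted
        return False
    return any(addr in net for net in TRUSTED_NETS)

def find_suspect_requests(lines):
    """Return successful POSTs to the endpoint that came from untrusted sources."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Assumption: routing ignores case and a trailing slash; drop any query string.
        path = m["path"].split("?", 1)[0].rstrip("/").lower()
        if path != ENDPOINT or not m["status"].startswith("2") or is_trusted(m["ip"]):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        hits.append({"ip": m["ip"], "time": m["ts"], "bytes": size})
    return hits

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.45 - - [03/Sep/2025:01:20:11 +0000] "POST /Operator/FindAll HTTP/1.1" 200 18432 "-" "curl/8.5.0"',
    '10.20.0.15 - - [03/Sep/2025:01:21:02 +0000] "POST /Operator/FindAll HTTP/1.1" 200 18432 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Sep/2025:01:22:40 +0000] "GET /Operator/FindAll HTTP/1.1" 405 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Sep/2025:01:22:41 +0000] "POST /operator/findall/ HTTP/1.1" 200 18390 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [03/Sep/2025:01:23:05 +0000] "POST /Login HTTP/1.1" 302 0 "-" "curl/8.5.0"',
    '192.0.2.9 - - [03/Sep/2025:01:24:19 +0000] "POST /Operator/FindAll HTTP/1.1" 401 120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(f"{hit['time']}  {hit['ip']}  {hit['bytes']} bytes returned")
```

Any hit means the endpoint answered a source that should not reach it, so the accounts it returns should be treated as exposed and their credentials rotated.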

Added: Sep 3, 2025, 1:17 AM
Updated: Sep 3, 2025, 1:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.