MphRx Minerva IDOR Vulnerability in User Data Access

Vulnerability

An insecure direct object reference (IDOR) vulnerability exists in MphRx's Minerva version 3.6.0, specifically within the '/minerva/moUser/show/' endpoint. This vulnerability allows authenticated users to access the data of other registered users by simply modifying the user ID. Exploitation of this issue could enable an attacker to compile a list of users.

Impact

Successful exploitation allows an authenticated user to access and potentially misuse the data of other users.

Added: Apr 28, 2026, 1:24 PM

Updated: Apr 28, 2026, 1:24 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

7.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

7.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MphRx Minerva IDOR Vulnerability in User Data Access

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating