Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrMohamedabdelhady933E46C5380-A590-40DE-A8E5-79872EE0BB29
HistoryDec 23, 2022 - 12:09 p.m.

Full account takeover

2022-12-2312:09:14
mohamedabdelhady933
www.huntr.dev
9
account takeover
idor vulnerability
unauthorized changes

0.001 Low

EPSS

Percentile

34.8%

JSON

Description

Account take over via changing email and username and displayed name, After login you and open your settings you can update information ,There is an IDOR here that allows me to change any user email and username and displayed name

Proof of Concept

https://drive.google.com/file/d/1wLmenLyz-F9mpFrj4AGkB5PF1GIs5o2W/view?usp=sharing

Related

cve 1
nvd 1
osv 2
prion 1
github 1
cvelist 1
veracode 1
cve
cve
CVE-2022-4809
2022-12-28 14:15:11
nvd
nvd
CVE-2022-4809
2022-12-28 14:15:11
osv
osv
usememos/memos Improper Access Control vulnerability
2022-12-28 15:30:46
CVE-2022-4809
2022-12-28 14:15:11
prion
prion
Improper access control
2022-12-28 14:15:00
github
github
usememos/memos Improper Access Control vulnerability
2022-12-28 15:30:46
cvelist
cvelist
CVE-2022-4809 Improper Access Control in usememos/memos
2022-12-28 00:00:00
veracode
veracode
Improper Access Control
2023-01-02 10:22:35

0.001 Low

EPSS

Percentile

34.8%

JSON
Related for E46C5380-A590-40DE-A8E5-79872EE0BB29
cve1nvd1osv2prion1github1cvelist1veracode1