bibliotecas.dglab.gov.pt Improper Access Control vulnerability

2020-05-14T21:44:00

Description

Open Bug Bounty ID: OBB-1161507 Following coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence. Affected Website:| **[bibliotecas.dglab.gov.pt](<http://bibliotecas.dglab.gov.pt>) ** ---|--- Open Bug Bounty Program:| **Create your bounty program now**. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| **[IAC (Improper Access Control)](<https://www.owasp.org/index.php/Broken_Access_Control>)** / CWE-284 CVSSv3 Score:| 6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N] Disclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines Discovered and Reported by:| **theotalportista ** Remediation Guide:| **[OWASP Access Control Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Access_Control_Cheat_Sheet.md>)** Export Vulnerability Data:| Bugzilla Vulnerability Data JIRA Vulnerability Data [ Configuration ] Mantis Vulnerability Data Splunk Vulnerability Data XML Vulnerability Data [ XSD ] Vulnerable URL: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAANZklEQVR4nO2df0xT1xfAr1i0wGsFbAurdVLigCwbI4QQSBx20zCDhNQNxTCdmhm3ENSGOMf4gzF1okzMJAshxD82/3DMP0hDFmJMw5auI4Y19a1rWCWEla4WQsrvirXWvu8fN3t53/erTxQBPZ+/eu8795xzz7nN6TuvhTUURSEAAAAAWALiltsBAAAA4IUFagwAAACwVECNAQAAAJYKqDEAAADAUgE1BgAAAFgqoMYAAAAAS8WKqDF6vf7PP/8UGgIvBqslravFTwBYFSx/jfnrr7+i0ehbb73FOwReDFZLWleLnwCwWohRY0ZHRxUKBe+l2dnZ5uZmoaF0enp6KioqWEMhu/R8TIGY/j+958+E0dHRlJQUcYGYW5Ai89zgjScry4tQFXOPEo+EONzjt/KPkDjT09NHjhxRq9WbNm36/PPPHz16dPDgwZMnT9ICv/32W3x8/OzsLD2zffv2K1euzM/Pnzx5csuWLQkJCdnZ2RcvXnz8+DEWGB0dXfMf8fHxb7755k8//UQvX1GnEVh+KFE8Hg9BEFIuiUiKU1hYeOvWLdZQRFsoFBIxx53H8iIs2vNngsfjSU5OFheI6d7yboEFrzOsLC9OlXgqY54ZKfAevxV+hMSpqKiorq72+Xxut3vbtm319fWdnZ35+fm0QGNjI0Kou7sbD8PhsFwuJ0mysrLSaDS63e6JiQmLxWIwGAYGBrAM3m8oFAqFQhMTE11dXSqV6ueff2Zefc7bBFYssuWtcGNjY0NDQwaDgTX0+/1CS9avX/9EJp5UHnjmsLK8aBadSokLhY7f6j1CDx48cDgcbrc7KSkJIXT58uXq6ure3t6ampr5+Xl8t2GxWHJzc/v6+vbs2YMQGhgYkMvlWVlZZrM5EAhs2LABIbRjx44dO3awlOOwqNXqqqqqmZmZ9vb23bt3P+8dAiseSc9jrly5otfrN27cePDgQXxPPTs7m5GREQwG16xZ88MPPzCHly9fVigU33zzTVpaWkpKyqFDhx48eCCkuaenp7S0ND4+nnd48eJFlhLWbThXgAVT/v79+5988olard68efNXX32Fb/xZG0EIPXz48OOPP1YoFFu2bPnyyy+x2OPHj7/44ou0tLSkpKS9e/dOTk5inX/88UdxcXFCQoJard67d++9e/fw5Ntvv61QKDZt2vTBBx/8/fffLK/u3bv33nvvKRSK7Ozs69ev0/NjY2O7d+9WKBR6vb61tVWoh8ZrVEo0hPTzRqaqqurrr7+m1xYXF+P4MAPLzTI3nty0cuG1xVIlsQMjfmbw69bWVr1en5KS8uGHHzJ7RLx+suxyk8vdcswDIJRB7kKmw0lJSVVVVZOTk5999plard64ceORI0fu37+PEPrnn3+SkpLu3LmDEJqcnExJSfnll18QQgkJCf/++y8uMAih4eFhrVb72muvaTSa/v5+hND8/LzD4Th37pzFYsEyNputpKQkGo0ihGQyqZ9BCwsLXS6XRGHgpSJ2jQkGgyRJ9vf3DwwM+P3++vp6hNCGDRvcbje+Xz5w4ABzuGfPnmAwODAwYLfb7Xa7w+FoaWkRUs77MIa2a/8PXiUxBVicOHHC7/c7HI6bN2/29PS0t7dzN4IQOnPmzMLCgtPpvHnzptVq7ejoQAi1tLRYLBaLxTI0NKTVagcHB7FOh8Nx7Nix8fFxl8ul0+lqa2sRQuXl5YcPH/Z6vTabbdu2bXK5nOVJbW2tUqkcHBzs7e1l1pja2tp169YNDw9bLJZr164JbYTXqJRoCOnnjcy+ffvMZjMWGBsbI0nSaDSy4s/NMjeeSMLDGF5bvKrEkRKEYDDodDrxefZ6vQ0NDfQlKQ+NuMnl+hnzAPBmUGghfgPabDaSJP1+f05OTiAQcDqdt2/f9ng82H+9Xt/Q0GAymRBCjY2NZWVl77zzDsvo3bt3T506denSJYSQwWCw2WwIoV9//TUvL2/Xrl0+nw+XOpvNZjAYkpKSysrK9u/f//vvv+MyJk5qaurc3FxMMeBlRLyV5vF4EEJzc3N42N/fn5mZSV/ifR6Dl3i9Xjzf3d1dUFCAX3u93oyMDHpJMBgkCGJqaoo7FFIS04qQV5FIhCCIkZERPN/T01NUVMS7EZVKFQwG8WuSJAsLCymK0mg0DodDPFbDw8Pp6elTU1MymUykgx+JRORyOdNz/DwGz9Me0vPi3W1sVCTmLLtc/UKRWVhYUCqVWGd7e3tFRQVTm4hFlsOsLPMiZIupKmaXX8qRYJ1nm81Gn2fW8eO1K5RcKTJC4AwKLcQOz8zM0A7HxcUtLCzgYX9//9atW/HrcDick5PT1NSkUqnGx8dZVnw+X2ZmZldXFx52dnYaDAaKokwmU2NjI0VR5eXl33//PUVRqampdrudoqi5ubn6+vqsrCyZTLZ169ampqZIJMLdLz1DP1aE5zEAk9j3wgRB0L0CrVY7NTUVc4lcLt+8eTN+nZOT4/V66eX4Dh1z69atwsJCumPDGgopiWmFl4mJiXA4rNfraXn87mUxPT0dCAQyMjLwMBqNymSy2dnZqamp3NxcrvydO3dOnz49ODgYDoej0Wg0Gk1JSamsrCwqKnr33Xe1Wm1BQcH27dtZniCEmJ7T89FolOmh0F64RqVEQ0i/UGQSEhLKysrMZvPx48e7u7sPHz7MUigx/qy08hLTlkSkuMQ8zzqdjj7PUvyMmVyJMrwZFFpIEAR+KIIdViqVCQkJeKjVagOBAH4dHx//3Xff7dy5s62tLS0tjWWxsrLSZDJVVVXhYUlJiclkevTokcViwbetpaWlFoslPz8/Eonk5eUhhBQKRXNzc3Nz88OHDx0OR11dXSQSOXv2rEh8AIDLc/19zNq1a1955RV6KNIoWy5CoVBcXJzdbidJkiRJp9NJkiS+tHbtWq680WgsKSmxWq0kSfb29uLJH3/88erVq7m5ueFwuK6u7vjx48/WSV6jSwFuYU1PTw8MDCw6NRLT+kxsPQ0S/ZSS3JgyQhl8ypMzPj4eFxc3Pj7Omh8bG3M6nUxt2dnZycnJvb29Xq+3qKgIIbRz586+vj7co2Md9fXr1xcXF7e1td24cUPI9NTUlFKpfCJvgZcF8dscbutJ6I5YqItlNpu5fRuKoiKRiEqlols0rKGQkphWnr5XRhAEty2m0WhIkmRNTkxMyGQyekiSJPdbyCRJ6nQ61saZvTKz2czslXk8Hjwv1CvjNSol5kL6RSITCoVSU1O//fbb999/n6VNxCLTYVZaReC19TS9Mt4jIXSeucdPil06uVJkaKQcG3qhyBuQNZyZmUlPT+/q6kpNTR0cHGSqikQi3BTs378/Ly+vvLycntHpdHl5eS0tLXhId4wxVqtVqE9OUVRHR0dZWZnQVeBlZvE1JhgMymSyoaEh1hC/1SsrK30+n8vlysvLa2pqojXQ7War1frGG2/Q86yhkBJWjeEKzM3NyWQyt9uNe8dM/48ePVpRUeH1el0uV35+fltbG+9GPv3006KiIpfL5ff7W1pazpw5Q1HU+fPnCwsLnU6nz+erra21Wq1YWKPRtLe3z8zMDA0NGY3G5OTkwcHBXbt29fX1BQIBr9d79OhR+m1M791oNDI9p0OKf5Hg8XhcLldubi6eZ+2I16hIzJn9fV79IpGhKKq6ulqpVN64cYOVQRGLzHiy0ioO1xZTlcQaI3JmuEro88zykxlz5hKh5DL9FJJhJoKbQaGF0mtMTU3Nvn37KIo6d+4cftbChPt8CH+ZhZlr3KLEP4Jxu90ajaazs9Pv98/MzOD4nD9/nhlG/PuYQCDA+/uY0P9Dn17gZWPxNYaiqKampsTERPyokB62trYSBHHhwgWNRpOcnPzRRx/RjyiZ2k6dOtXQ0ECrYg2xZEtLC0sJs8bwClAUVV9fT3vFtBgMBo8dO6ZSqXQ6HfMBJmsjoVDIZDLpdLrExMSysjL8ATASiZw+fVqlUsnlcqPRGAgE8EKr1VpQUCCXy9PT0+vq6pKTk8PhcFNTU1ZW1rp16zQazYEDB/ADWKYnPp+vtLSUIIisrKxLly7RIR0fHy8vLycIIiMj48KFC/Q8c0e8RmOGS1y/SGTMZjNBENwM4he8WWbGk5VWcVi2WKqk1JiYQRA6z1w/6Zgzlwgll+knrwzLLjeDQsol1hi73U4QBL6HC4VCGRkZ165dE1qFcbvdCCHmHc/169cJgqCz39vbazAYlEplYmJibm5uZ2cnUyHdCJHJZK+//jr9bQLWVZqOjg6R3AEvMDFqzCKQeKeclZV1+/ZtoSGAP0iuWP2Ly/KKZbX4CQCrjmX7nf/du3dFhgBJkpmZmatXP2a1pHW1+AkAq45l/lsyAJOzZ89qtdqKioqRkZGGhgb8h6RWkf6YqNVq3vmRkRHpf0XxmSgBAOD5ADVmBWEwGEwmU01NzauvvnrixIlDhw6tLv0xob8IzuKJasMzUQIAwPNhDUVRy+0DAAAA8GKy/P+jDAAAAHhRgRoDAAAALBVQYwAAAIClAmoMAAAAsFRAjQEAAACWCqgxAAAAwFIBNQYAAABYKqDGAAAAAEsF1BgAAABgqYAaAwAAACwV/wMNuPwGbm96PgAAAABJRU5ErkJggg==) --- HTTP POST data: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAI2klEQVR4nO3dbUhTbxsA8Fvd/jo9zm05HXNhiqkEmYSYRs0VIjaGRFkzstKIPoiiDCsRGYNeRCkoERMrMD+U9kFESEKGhq4RU+Yy8yXFdL4Sbjpdts2183w4/A/nmW9rucrnuX6f7vs+1/2y44eLc+2svHAcRwAAAIAHeP/pAwAAAPifBTkGAACAp0COAQAA4CmQYwAAAHgK5BgAAACeAjkGAACAp+z6HBMREfHhw4c/fQoAAAAb2N055uPHjw6H49ChQ3/6IAAAADawkznGZDKVl5cT7cnJycDAwK3jN4txZS6htbU1IyPDaYor06lH/assLi7m5uZyudywsLBbt26tra1dunSpsLCQDOju7qbT6SaTiRxJSUl59OjRyspKYWFheHg4g8GIiYmpqKj48eMHETA5Oen1LzqdfvDgwaamJnK663cbAAB+1k7mmKWlpXv37hHt8PDwhYUF99ZxfS6ZY352OvWof5WcnBybzabT6To6OtRqtVwuFwqFKpWKDFAqlXa7vaOjg+iura1pNBqRSHT16lW9Xt/e3q7X62tqat68eaPVaslZGIZZLBaLxTI7O1tWVpafn//69evf/dkAAP+H8J0zMTGBYZjn4p3Mzs6yWCybzfb7t/aQ1dVVgUBgNpuJrkajiYqK+vz5M41GW15eJgaPHj0aFxeXn59PdFUqFYvFWl1dpdFoS0tLGy67/sPW1taKxeLNrgIAwE5x8zlGKpXevXuX7CYnJ9fW1u7bt89sNnt5eT1//tz1CkxFRUVoaCibzb5y5cr3798RpXpDNB48eBAREcFmsy9evEitEbW2tqalpdHpdKcFqVv39PQcP348MDAwLCzs7NmzQ0NDCCGTyUQ96oYxTnp6epKTkxkMBpfLPXfu3MzMzGaLU88cEBAglUoNBsONGze4XO6ePXtyc3O/ffuGEPry5UtAQEBfXx9CyGAwsNnszs5OBoMxNTUVEBBAbDo2Nsbn8/fv3x8SEqJWqxFCKysrWq32zp07SqWSiFGpVEKh0OFwIIRoNJorNxwhlJiYODAw4GIwAAC4zc0cc/78+ZaWFqI9Nzen0+kuXLgwPDxM1GSys7NdXMdsNvf+S6vVVlZWrg/o7+9Xq9UajUav15eWlpKXNiyUOZFIJDk5OXq9XqVSHTt2zM/PDyEUFBREPeqGMU60Wu3169fn5+cHBgYEAkF+fv5mixNn1ul0KpVKp9PNzs7GxsYuLCz09/e/f/9+YmKC+AgRERGlpaVFRUUIIblcLhaLT5w4Qd1xZGSkuLj4/v37CCGRSESUy96+fRsfH5+enj49PU3kOZVKJRKJAgICxGJxVlbWu3fviBy2NQ6Hs7y8vG0YAAD8Kvcef1ZXV5lMpl6vx3G8pqYmIyMD/++qiysVmImJCYQQsQiO483NzQkJCdS5RABZJlKpVJGRkUTbbDZjGGY0GtdvR7aNRiONRrNYLBtuvW3MZsbGxng83mYTiTOTZSuVSuXt7b26ukp01Wp1VFQU0bbZbLGxsQqFIjg4eH5+nrrI9PR0ZGRkY2Mj0a2rqxOJRDiOFxUVyeVyHMclEkl9fT2O4xwOp7e3F8fx5eXlkpKS6OhoGo0WFRWlUCjsdvv6m0OOsFisza4CAMBOcbW64oTBYIjF4paWloKCgubm5pycHPfW8fPz27t3L9GOjY3V6/VOARiGkYUvgUBgNBqJdnt7e2JiIpvN3mJxNpudmZmZlJR08uRJPp+fkJCQkpLiRgxCqK+v7+bNm4ODgzabzeFwOByOLSZiGBYUFESemclkMhgMosvn88n3Eeh0enV1dWpqalVVVWhoKHW7zMzMoqIiqVRKdIVCYVFR0dramlKprKmpQQilpaUplcrDhw/b7fb4+HiEUGBgYHl5eXl5udVq1Wq1MpnMbrffvn17i/sDAACe5v57ZUS5bHFxUaPRbFuz2nGuFMoQQi9fvnz69GlcXJzNZpPJZAUFBe7FnD59WigUdnV16XS6trY21ydubX5+3tvbe35+njo4NzfX399PXS0mJobFYrW1ten1+qSkJIRQampqR0cHUaPz8fGhTvf19U1OTq6qqnr16tVm+xqNRiaT+bOnBQCAn+b2E5DFYuFwOA8fPjxz5gwx8ou1spaWlvW1MuoiZIXHbrcHBwePj49TL227tU6nEwgErseQvn79SqPRqDFkoWn9xM3OvL67tLTE4/EaGxs5HM7g4CAZY7fbqR+NkJWVFR8fL5FIyBGBQBAfH19ZWUl0ybfRCF1dXWRdEd4rAwD8Ke4/x/j6+qanp8vl8qysLGIkODjYYrGMjo7+1DoymWxmZubTp08KhUIikbgyRa1W83i8iIgIcoTD4VgslpGREfKHhwihoaGhU6dOdXZ2GgyGqamp6upqoqxEPeoWMVarlWhwuVwOh/P48WOTyTQ6OqpQKLZe3EWlpaVCoVAqlcpksry8PHLcx8eHz+c7BYtEIp1Ol5aWRo6kpqbqdDqRSIQQGhkZiYyMfPLkydzcnMlk6u7uzsvLu3btGnUFq9VqtVoNBkNTU1NZWRl1R/IqiXobAQDAfb+SoFpaWjAMI7/QxnFcoVD4+/vX19e7+ByDYVhlZWVISAiLxbp8+TKx1LbPMcXFxaWlpU6rlZSUOG1ts9kUCkV0dPQ///wTEhKSnZ1N/WqdOOqzZ882jHHauqurKyEhwc/Pj8fjyWQy4nc5rkzc7Dmmt7cXwzDiGc5isezbt6+hoWHDKYTh4WGEEPVx58WLFxiGkV/st7W1iUQiJpPp7+8fFxdXV1dH3ZT8c9NotAMHDpBvEzhdJdXW1m79twMAAFd44Tj+u9LZjomJiWloaDhy5MifPggAAICt7MocAwAAYFfY5t1lLpe74fj4+Ljr/5DijiwCAABg19nmOYb4Mfl6YWFhru+xI4sAAADYdaBWBgAAwFN29/9RBgAA4G8GOQYAAICnQI4BAADgKZBjAAAAeArkGAAAAJ4COQYAAICnQI4BAADgKZBjAAAAeArkGAAAAJ4COQYAAICn/Af0Hr4gm29mvwAAAABJRU5ErkJggg==) --- Research's Comment: ![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAGC0lEQVR4nO3cP2gTbRwH8CcxXFO5xERNrDbV1Ip1EJFSxC6Z/ANVjhvaCCK6SHQICh1ECkpErLEqiEMmB+3g4BBKkeAgItmsL+cNR4mh1CSmaWzFtnrGs6Z53uHwCElsfNucjX2/n6l5es/v+V6G/HrPQ2qglBIAAAAdGFc7AAAArFnoMQAAoBf0GAAA0At6DAAA6AU9BgAA9IIeAwAAekGPAQAAvaDHAACAXv5bj0kmk3a7fekLLBbL8i6YmZnp7e212+0Gg8FgMGzduvXixYvfv3/XKclvXvPHzM/P37x5c7VTAADUUh09x/h8voWFBVEUFUVRFOXly5eSJAWDwdXO9YfMzc0NDAysdgoAgFqqlx7z48ePp0+fPnjwYMeOHQ0NDQ0NDe3t7QMDA+FweLWjAQDAMlXvMZOTk0ePHrVYLO3t7Y8fP9bGp6amjh07ZrFYWltb7969W3Hn6vXr111dXY2NjQ6Ho7e3d3JyUh2/devWli1b7Hb7mTNnvn37RgjJZrMMwzgcDkLIq1ev2tra7HZ7JBJJp9O6JqkYpsSv6n/9+vXcuXMOh6OlpeXatWuLi4snTpy4ceOGNrGrq+vRo0fFpdTdudu3b5esOD8/73a7ZVk2GAwlUwAA/l7Ve4zf77darWNjY5FIpPiT3e/3MwwzPj7+/PnzoaGhinMFQfD5fNlsVpIkl8vl9/sJIbIs//OTIAiDg4OEkEKhYDQatcperzcejwuCUCgU9EvyqzDl70DF+hcuXMhkMoIgPHv2bGRkJBQKeb3e4eFh9bdTU1OiKPI8X1JNluXR0dGSFTds2BCLxViWVRTl1KlTFW8BAODvQ5eUz+fNZnMqlVJfhsNhm82mjU9MTJSMJxIJlmUrlhofH29qakokEoSQ4oKdnZ3FE3O5nNFo/PjxI6X0xYsXalk9kqjXVAxT/g6U18/n8yzLauMjIyMHDx7M5XJWq1UtGAqFOI4rqbbEiksEBgD4S1V5jpmeniaEtLS0qC/37NmjjRcKhdbW1pLxEm/evDl8+HBzc7PD4Thw4ICiKIQQs9lcXDCVShVP+fTpE8MwmzZtIoS4XC5dk1QNs0T96enphYWF4vFEItHY2Njd3a0+yoTDYa/XW56k6ooAAGuGvmf+PM97PJ5oNCqKYiQS+Z0pxZtmxRtlfz7J8qjbZbOzs6OjoxzH6bcQAED9q9JjnE4nIeT9+/fqy3g8ro0bjcZkMqm+jMVi5XNnZmYymcyVK1fa2tqam5vNZrM6rihKccHt27cTQoxGo9pRNm7cqCjK7OwsIaT4b3w9kvwqTMk7ULG+0+lkGObdu3fauNvtJoR0d3eLojg0NHTo0KGKX76puiIAwNpRdTeN5/menp50Oi1J0v79+7UDkp6eHp7nE4mEJEn79u1Txz9//mwymWKxWD6fp5Q6nc5QKDQ3NxePx3met9ls6oFEccFAIEApzeVyJpNJEARKqcfjuXTpUiaT4ThOW67mSejP05HyMJRSRVG0dSvWp5SePXuW47hUKiVJUkdHx/3799XxkydPWq3WJ0+eaBW0akusKMuyyWSKx+P/YacTAKC+Ve8x6XT6yJEjLMvu3r37zp072idsNps9fvw4y7JutzsYDGrjly9fXr9+/cOHDyml0Wi0s7PTbDY3NTX19fWpPYZl2cHBQafTabPZTp8+ncvl1Il9fX3nz5+nlI6Njakf5f39/cU9prZJ6M9j9vIwJcfvv6ovy7LP59u8ebPL5QoEAmozo5QODw+zLKvdV3E19edgMFh++5TSQCCgBQYAWAMMlNKVPwy9ffvW4/F8+PBhhXUWFxfXrVtXD0l0qp9MJvfu3fvly5fapgIAqE+1OfMXRXHnzp0rr7PCBlPDJKtVHwBgLTEte+b169e3bdvGcdzExER/f//Vq1drGKuuktTPnQIA/GWWvcsWjUY7OjoYhtm1a9e9e/dqt31Xd0lqWB9ftASA/5XanMcAAACUq5f/uwwAAGsPegwAAOgFPQYAAPSCHgMAAHpBjwEAAL2gxwAAgF7QYwAAQC/oMQAAoBf0GAAA0At6DAAA6OVfXgb5o8PDvsAAAAAASUVORK5CYII=) --- **Mirror:** [Click here to view the mirror](<http://1161507.openbounty.org/mirror/>) ### Coordinated Disclosure Timeline Vulnerability Reported:| 14 May, 2020 21:44 GMT ---|--- Vulnerability Verified:| 15 May, 2020 09:00 GMT Website Operator Notified:| 15 May, 2020 09:00 GMT a. Using the ISO 29147 guidelines| ![](/images/done.png) ---|--- b. Using publicly available security contacts| ![](/images/done.png) c. Using Open Bug Bounty notification framework| ![](/images/done.png) d. Using security contacts provided by the researcher| ![](/images/done.png) Public Report Published [without any technical details]:| 15 May, 2020 09:00 GMT

{"id": "OBB:1161507", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "bibliotecas.dglab.gov.pt Improper Access Control vulnerability ", "description": " \n\n\nOpen Bug Bounty ID: OBB-1161507\n\nFollowing coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; \n&nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence.\n\nAffected Website:| **[bibliotecas.dglab.gov.pt](<http://bibliotecas.dglab.gov.pt>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[IAC (Improper Access Control)](<https://www.owasp.org/index.php/Broken_Access_Control>)** / CWE-284 \nCVSSv3 Score:| 6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **theotalportista ** \nRemediation Guide:| **[OWASP Access Control Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Access_Control_Cheat_Sheet.md>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAANZklEQVR4nO2df0xT1xfAr1i0wGsFbAurdVLigCwbI4QQSBx20zCDhNQNxTCdmhm3ENSGOMf4gzF1okzMJAshxD82/3DMP0hDFmJMw5auI4Y19a1rWCWEla4WQsrvirXWvu8fN3t53/erTxQBPZ+/eu8795xzz7nN6TuvhTUURSEAAAAAWALiltsBAAAA4IUFagwAAACwVECNAQAAAJYKqDEAAADAUgE1BgAAAFgqoMYAAAAAS8WKqDF6vf7PP/8UGgIvBqslravFTwBYFSx/jfnrr7+i0ehbb73FOwReDFZLWleLnwCwWohRY0ZHRxUKBe+l2dnZ5uZmoaF0enp6KioqWEMhu/R8TIGY/j+958+E0dHRlJQUcYGYW5Ai89zgjScry4tQFXOPEo+EONzjt/KPkDjT09NHjhxRq9WbNm36/PPPHz16dPDgwZMnT9ICv/32W3x8/OzsLD2zffv2K1euzM/Pnzx5csuWLQkJCdnZ2RcvXnz8+DEWGB0dXfMf8fHxb7755k8//UQvX1GnEVh+KFE8Hg9BEFIuiUiKU1hYeOvWLdZQRFsoFBIxx53H8iIs2vNngsfjSU5OFheI6d7yboEFrzOsLC9OlXgqY54ZKfAevxV+hMSpqKiorq72+Xxut3vbtm319fWdnZ35+fm0QGNjI0Kou7sbD8PhsFwuJ0mysrLSaDS63e6JiQmLxWIwGAYGBrAM3m8oFAqFQhMTE11dXSqV6ueff2Zefc7bBFYssuWtcGNjY0NDQwaDgTX0+/1CS9avX/9EJp5UHnjmsLK8aBadSokLhY7f6j1CDx48cDgcbrc7KSkJIXT58uXq6ure3t6ampr5+Xl8t2GxWHJzc/v6+vbs2YMQGhgYkMvlWVlZZrM5EAhs2LABIbRjx44dO3awlOOwqNXqqqqqmZmZ9vb23bt3P+8dAiseSc9jrly5otfrN27cePDgQXxPPTs7m5GREQwG16xZ88MPPzCHly9fVigU33zzTVpaWkpKyqFDhx48eCCkuaenp7S0ND4+nnd48eJFlhLWbThXgAVT/v79+5988olard68efNXX32Fb/xZG0EIPXz48OOPP1YoFFu2bPnyyy+x2OPHj7/44ou0tLSkpKS9e/dOTk5inX/88UdxcXFCQoJard67d++9e/fw5Ntvv61QKDZt2vTBBx/8/fffLK/u3bv33nvvKRSK7Ozs69ev0/NjY2O7d+9WKBR6vb61tVWoh8ZrVEo0hPTzRqaqqurrr7+m1xYXF+P4MAPLzTI3nty0cuG1xVIlsQMjfmbw69bWVr1en5KS8uGHHzJ7RLx+suxyk8vdcswDIJRB7kKmw0lJSVVVVZOTk5999plard64ceORI0fu37+PEPrnn3+SkpLu3LmDEJqcnExJSfnll18QQgkJCf/++y8uMAih4eFhrVb72muvaTSa/v5+hND8/LzD4Th37pzFYsEyNputpKQkGo0ihGQyqZ9BCwsLXS6XRGHgpSJ2jQkGgyRJ9vf3DwwM+P3++vp6hNCGDRvcbje+Xz5w4ABzuGfPnmAwODAwYLfb7Xa7w+FoaWkRUs77MIa2a/8PXiUxBVicOHHC7/c7HI6bN2/29PS0t7dzN4IQOnPmzMLCgtPpvHnzptVq7ejoQAi1tLRYLBaLxTI0NKTVagcHB7FOh8Nx7Nix8fFxl8ul0+lqa2sRQuXl5YcPH/Z6vTabbdu2bXK5nOVJbW2tUqkcHBzs7e1l1pja2tp169YNDw9bLJZr164JbYTXqJRoCOnnjcy+ffvMZjMWGBsbI0nSaDSy4s/NMjeeSMLDGF5bvKrEkRKEYDDodDrxefZ6vQ0NDfQlKQ+NuMnl+hnzAPBmUGghfgPabDaSJP1+f05OTiAQcDqdt2/f9ng82H+9Xt/Q0GAymRBCjY2NZWVl77zzDsvo3bt3T506denSJYSQwWCw2WwIoV9//TUvL2/Xrl0+nw+XOpvNZjAYkpKSysrK9u/f//vvv+MyJk5qaurc3FxMMeBlRLyV5vF4EEJzc3N42N/fn5mZSV/ifR6Dl3i9Xjzf3d1dUFCAX3u93oyMDHpJMBgkCGJqaoo7FFIS04qQV5FIhCCIkZERPN/T01NUVMS7EZVKFQwG8WuSJAsLCymK0mg0DodDPFbDw8Pp6elTU1MymUykgx+JRORyOdNz/DwGz9Me0vPi3W1sVCTmLLtc/UKRWVhYUCqVWGd7e3tFRQVTm4hFlsOsLPMiZIupKmaXX8qRYJ1nm81Gn2fW8eO1K5RcKTJC4AwKLcQOz8zM0A7HxcUtLCzgYX9//9atW/HrcDick5PT1NSkUqnGx8dZVnw+X2ZmZldXFx52dnYaDAaKokwmU2NjI0VR5eXl33//PUVRqampdrudoqi5ubn6+vqsrCyZTLZ169ampqZIJMLdLz1DP1aE5zEAk9j3wgRB0L0CrVY7NTUVc4lcLt+8eTN+nZOT4/V66eX4Dh1z69atwsJCumPDGgopiWmFl4mJiXA4rNfraXn87mUxPT0dCAQyMjLwMBqNymSy2dnZqamp3NxcrvydO3dOnz49ODgYDoej0Wg0Gk1JSamsrCwqKnr33Xe1Wm1BQcH27dtZniCEmJ7T89FolOmh0F64RqVEQ0i/UGQSEhLKysrMZvPx48e7u7sPHz7MUigx/qy08hLTlkSkuMQ8zzqdjj7PUvyMmVyJMrwZFFpIEAR+KIIdViqVCQkJeKjVagOBAH4dHx//3Xff7dy5s62tLS0tjWWxsrLSZDJVVVXhYUlJiclkevTokcViwbetpaWlFoslPz8/Eonk5eUhhBQKRXNzc3Nz88OHDx0OR11dXSQSOXv2rEh8AIDLc/19zNq1a1955RV6KNIoWy5CoVBcXJzdbidJkiRJp9NJkiS+tHbtWq680WgsKSmxWq0kSfb29uLJH3/88erVq7m5ueFwuK6u7vjx48/WSV6jSwFuYU1PTw8MDCw6NRLT+kxsPQ0S/ZSS3JgyQhl8ypMzPj4eFxc3Pj7Omh8bG3M6nUxt2dnZycnJvb29Xq+3qKgIIbRz586+vj7co2Md9fXr1xcXF7e1td24cUPI9NTUlFKpfCJvgZcF8dscbutJ6I5YqItlNpu5fRuKoiKRiEqlols0rKGQkphWnr5XRhAEty2m0WhIkmRNTkxMyGQyekiSJPdbyCRJ6nQ61saZvTKz2czslXk8Hjwv1CvjNSol5kL6RSITCoVSU1O//fbb999/n6VNxCLTYVZaReC19TS9Mt4jIXSeucdPil06uVJkaKQcG3qhyBuQNZyZmUlPT+/q6kpNTR0cHGSqikQi3BTs378/Ly+vvLycntHpdHl5eS0tLXhId4wxVqtVqE9OUVRHR0dZWZnQVeBlZvE1JhgMymSyoaEh1hC/1SsrK30+n8vlysvLa2pqojXQ7War1frGG2/Q86yhkBJWjeEKzM3NyWQyt9uNe8dM/48ePVpRUeH1el0uV35+fltbG+9GPv3006KiIpfL5ff7W1pazpw5Q1HU+fPnCwsLnU6nz+erra21Wq1YWKPRtLe3z8zMDA0NGY3G5OTkwcHBXbt29fX1BQIBr9d79OhR+m1M791oNDI9p0OKf5Hg8XhcLldubi6eZ+2I16hIzJn9fV79IpGhKKq6ulqpVN64cYOVQRGLzHiy0ioO1xZTlcQaI3JmuEro88zykxlz5hKh5DL9FJJhJoKbQaGF0mtMTU3Nvn37KIo6d+4cftbChPt8CH+ZhZlr3KLEP4Jxu90ajaazs9Pv98/MzOD4nD9/nhlG/PuYQCDA+/uY0P9Dn17gZWPxNYaiqKampsTERPyokB62trYSBHHhwgWNRpOcnPzRRx/RjyiZ2k6dOtXQ0ECrYg2xZEtLC0sJs8bwClAUVV9fT3vFtBgMBo8dO6ZSqXQ6HfMBJmsjoVDIZDLpdLrExMSysjL8ATASiZw+fVqlUsnlcqPRGAgE8EKr1VpQUCCXy9PT0+vq6pKTk8PhcFNTU1ZW1rp16zQazYEDB/ADWKYnPp+vtLSUIIisrKxLly7RIR0fHy8vLycIIiMj48KFC/Q8c0e8RmOGS1y/SGTMZjNBENwM4he8WWbGk5VWcVi2WKqk1JiYQRA6z1w/6Zgzlwgll+knrwzLLjeDQsol1hi73U4QBL6HC4VCGRkZ165dE1qFcbvdCCHmHc/169cJgqCz39vbazAYlEplYmJibm5uZ2cnUyHdCJHJZK+//jr9bQLWVZqOjg6R3AEvMDFqzCKQeKeclZV1+/ZtoSGAP0iuWP2Ly/KKZbX4CQCrjmX7nf/du3dFhgBJkpmZmatXP2a1pHW1+AkAq45l/lsyAJOzZ89qtdqKioqRkZGGhgb8h6RWkf6YqNVq3vmRkRHpf0XxmSgBAOD5ADVmBWEwGEwmU01NzauvvnrixIlDhw6tLv0xob8IzuKJasMzUQIAwPNhDUVRy+0DAAAA8GKy/P+jDAAAAHhRgRoDAAAALBVQYwAAAIClAmoMAAAAsFRAjQEAAACWCqgxAAAAwFIBNQYAAABYKqDGAAAAAEsF1BgAAABgqYAaAwAAACwV/wMNuPwGbm96PgAAAABJRU5ErkJggg==) \n--- \n \nHTTP POST data:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAI2klEQVR4nO3dbUhTbxsA8Fvd/jo9zm05HXNhiqkEmYSYRs0VIjaGRFkzstKIPoiiDCsRGYNeRCkoERMrMD+U9kFESEKGhq4RU+Yy8yXFdL4Sbjpdts2183w4/A/nmW9rucrnuX6f7vs+1/2y44eLc+2svHAcRwAAAIAHeP/pAwAAAPifBTkGAACAp0COAQAA4CmQYwAAAHgK5BgAAACeAjkGAACAp+z6HBMREfHhw4c/fQoAAAAb2N055uPHjw6H49ChQ3/6IAAAADawkznGZDKVl5cT7cnJycDAwK3jN4txZS6htbU1IyPDaYor06lH/assLi7m5uZyudywsLBbt26tra1dunSpsLCQDOju7qbT6SaTiRxJSUl59OjRyspKYWFheHg4g8GIiYmpqKj48eMHETA5Oen1LzqdfvDgwaamJnK663cbAAB+1k7mmKWlpXv37hHt8PDwhYUF99ZxfS6ZY352OvWof5WcnBybzabT6To6OtRqtVwuFwqFKpWKDFAqlXa7vaOjg+iura1pNBqRSHT16lW9Xt/e3q7X62tqat68eaPVaslZGIZZLBaLxTI7O1tWVpafn//69evf/dkAAP+H8J0zMTGBYZjn4p3Mzs6yWCybzfb7t/aQ1dVVgUBgNpuJrkajiYqK+vz5M41GW15eJgaPHj0aFxeXn59PdFUqFYvFWl1dpdFoS0tLGy67/sPW1taKxeLNrgIAwE5x8zlGKpXevXuX7CYnJ9fW1u7bt89sNnt5eT1//tz1CkxFRUVoaCibzb5y5cr3798RpXpDNB48eBAREcFmsy9evEitEbW2tqalpdHpdKcFqVv39PQcP348MDAwLCzs7NmzQ0NDCCGTyUQ96oYxTnp6epKTkxkMBpfLPXfu3MzMzGaLU88cEBAglUoNBsONGze4XO6ePXtyc3O/ffuGEPry5UtAQEBfXx9CyGAwsNnszs5OBoMxNTUVEBBAbDo2Nsbn8/fv3x8SEqJWqxFCKysrWq32zp07SqWSiFGpVEKh0OFwIIRoNJorNxwhlJiYODAw4GIwAAC4zc0cc/78+ZaWFqI9Nzen0+kuXLgwPDxM1GSys7NdXMdsNvf+S6vVVlZWrg/o7+9Xq9UajUav15eWlpKXNiyUOZFIJDk5OXq9XqVSHTt2zM/PDyEUFBREPeqGMU60Wu3169fn5+cHBgYEAkF+fv5mixNn1ul0KpVKp9PNzs7GxsYuLCz09/e/f/9+YmKC+AgRERGlpaVFRUUIIblcLhaLT5w4Qd1xZGSkuLj4/v37CCGRSESUy96+fRsfH5+enj49PU3kOZVKJRKJAgICxGJxVlbWu3fviBy2NQ6Hs7y8vG0YAAD8Kvcef1ZXV5lMpl6vx3G8pqYmIyMD/++qiysVmImJCYQQsQiO483NzQkJCdS5RABZJlKpVJGRkUTbbDZjGGY0GtdvR7aNRiONRrNYLBtuvW3MZsbGxng83mYTiTOTZSuVSuXt7b26ukp01Wp1VFQU0bbZbLGxsQqFIjg4eH5+nrrI9PR0ZGRkY2Mj0a2rqxOJRDiOFxUVyeVyHMclEkl9fT2O4xwOp7e3F8fx5eXlkpKS6OhoGo0WFRWlUCjsdvv6m0OOsFisza4CAMBOcbW64oTBYIjF4paWloKCgubm5pycHPfW8fPz27t3L9GOjY3V6/VOARiGkYUvgUBgNBqJdnt7e2JiIpvN3mJxNpudmZmZlJR08uRJPp+fkJCQkpLiRgxCqK+v7+bNm4ODgzabzeFwOByOLSZiGBYUFESemclkMhgMosvn88n3Eeh0enV1dWpqalVVVWhoKHW7zMzMoqIiqVRKdIVCYVFR0dramlKprKmpQQilpaUplcrDhw/b7fb4+HiEUGBgYHl5eXl5udVq1Wq1MpnMbrffvn17i/sDAACe5v57ZUS5bHFxUaPRbFuz2nGuFMoQQi9fvnz69GlcXJzNZpPJZAUFBe7FnD59WigUdnV16XS6trY21ydubX5+3tvbe35+njo4NzfX399PXS0mJobFYrW1ten1+qSkJIRQampqR0cHUaPz8fGhTvf19U1OTq6qqnr16tVm+xqNRiaT+bOnBQCAn+b2E5DFYuFwOA8fPjxz5gwx8ou1spaWlvW1MuoiZIXHbrcHBwePj49TL227tU6nEwgErseQvn79SqPRqDFkoWn9xM3OvL67tLTE4/EaGxs5HM7g4CAZY7fbqR+NkJWVFR8fL5FIyBGBQBAfH19ZWUl0ybfRCF1dXWRdEd4rAwD8Ke4/x/j6+qanp8vl8qysLGIkODjYYrGMjo7+1DoymWxmZubTp08KhUIikbgyRa1W83i8iIgIcoTD4VgslpGREfKHhwihoaGhU6dOdXZ2GgyGqamp6upqoqxEPeoWMVarlWhwuVwOh/P48WOTyTQ6OqpQKLZe3EWlpaVCoVAqlcpksry8PHLcx8eHz+c7BYtEIp1Ol5aWRo6kpqbqdDqRSIQQGhkZiYyMfPLkydzcnMlk6u7uzsvLu3btGnUFq9VqtVoNBkNTU1NZWRl1R/IqiXobAQDAfb+SoFpaWjAMI7/QxnFcoVD4+/vX19e7+ByDYVhlZWVISAiLxbp8+TKx1LbPMcXFxaWlpU6rlZSUOG1ts9kUCkV0dPQ///wTEhKSnZ1N/WqdOOqzZ882jHHauqurKyEhwc/Pj8fjyWQy4nc5rkzc7Dmmt7cXwzDiGc5isezbt6+hoWHDKYTh4WGEEPVx58WLFxiGkV/st7W1iUQiJpPp7+8fFxdXV1dH3ZT8c9NotAMHDpBvEzhdJdXW1m79twMAAFd44Tj+u9LZjomJiWloaDhy5MifPggAAICt7MocAwAAYFfY5t1lLpe74fj4+Ljr/5DijiwCAABg19nmOYb4Mfl6YWFhru+xI4sAAADYdaBWBgAAwFN29/9RBgAA4G8GOQYAAICnQI4BAADgKZBjAAAAeArkGAAAAJ4COQYAAICnQI4BAADgKZBjAAAAeArkGAAAAJ4COQYAAICn/Af0Hr4gm29mvwAAAABJRU5ErkJggg==) \n--- \n \nResearch's Comment:\n\n![](data:image/png;base64, iVBORw0KGgoAAAANSUhEUgAAAiEAAAAjCAIAAADNIk3yAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAGC0lEQVR4nO3cP2gTbRwH8CcxXFO5xERNrDbV1Ip1EJFSxC6Z/ANVjhvaCCK6SHQICh1ECkpErLEqiEMmB+3g4BBKkeAgItmsL+cNR4mh1CSmaWzFtnrGs6Z53uHwCElsfNucjX2/n6l5es/v+V6G/HrPQ2qglBIAAAAdGFc7AAAArFnoMQAAoBf0GAAA0At6DAAA6AU9BgAA9IIeAwAAekGPAQAAvaDHAACAXv5bj0kmk3a7fekLLBbL8i6YmZnp7e212+0Gg8FgMGzduvXixYvfv3/XKclvXvPHzM/P37x5c7VTAADUUh09x/h8voWFBVEUFUVRFOXly5eSJAWDwdXO9YfMzc0NDAysdgoAgFqqlx7z48ePp0+fPnjwYMeOHQ0NDQ0NDe3t7QMDA+FweLWjAQDAMlXvMZOTk0ePHrVYLO3t7Y8fP9bGp6amjh07ZrFYWltb7969W3Hn6vXr111dXY2NjQ6Ho7e3d3JyUh2/devWli1b7Hb7mTNnvn37RgjJZrMMwzgcDkLIq1ev2tra7HZ7JBJJp9O6JqkYpsSv6n/9+vXcuXMOh6OlpeXatWuLi4snTpy4ceOGNrGrq+vRo0fFpdTdudu3b5esOD8/73a7ZVk2GAwlUwAA/l7Ve4zf77darWNjY5FIpPiT3e/3MwwzPj7+/PnzoaGhinMFQfD5fNlsVpIkl8vl9/sJIbIs//OTIAiDg4OEkEKhYDQatcperzcejwuCUCgU9EvyqzDl70DF+hcuXMhkMoIgPHv2bGRkJBQKeb3e4eFh9bdTU1OiKPI8X1JNluXR0dGSFTds2BCLxViWVRTl1KlTFW8BAODvQ5eUz+fNZnMqlVJfhsNhm82mjU9MTJSMJxIJlmUrlhofH29qakokEoSQ4oKdnZ3FE3O5nNFo/PjxI6X0xYsXalk9kqjXVAxT/g6U18/n8yzLauMjIyMHDx7M5XJWq1UtGAqFOI4rqbbEiksEBgD4S1V5jpmeniaEtLS0qC/37NmjjRcKhdbW1pLxEm/evDl8+HBzc7PD4Thw4ICiKIQQs9lcXDCVShVP+fTpE8MwmzZtIoS4XC5dk1QNs0T96enphYWF4vFEItHY2Njd3a0+yoTDYa/XW56k6ooAAGuGvmf+PM97PJ5oNCqKYiQS+Z0pxZtmxRtlfz7J8qjbZbOzs6OjoxzH6bcQAED9q9JjnE4nIeT9+/fqy3g8ro0bjcZkMqm+jMVi5XNnZmYymcyVK1fa2tqam5vNZrM6rihKccHt27cTQoxGo9pRNm7cqCjK7OwsIaT4b3w9kvwqTMk7ULG+0+lkGObdu3fauNvtJoR0d3eLojg0NHTo0KGKX76puiIAwNpRdTeN5/menp50Oi1J0v79+7UDkp6eHp7nE4mEJEn79u1Txz9//mwymWKxWD6fp5Q6nc5QKDQ3NxePx3met9ls6oFEccFAIEApzeVyJpNJEARKqcfjuXTpUiaT4ThOW67mSejP05HyMJRSRVG0dSvWp5SePXuW47hUKiVJUkdHx/3799XxkydPWq3WJ0+eaBW0akusKMuyyWSKx+P/YacTAKC+Ve8x6XT6yJEjLMvu3r37zp072idsNps9fvw4y7JutzsYDGrjly9fXr9+/cOHDyml0Wi0s7PTbDY3NTX19fWpPYZl2cHBQafTabPZTp8+ncvl1Il9fX3nz5+nlI6Njakf5f39/cU9prZJ6M9j9vIwJcfvv6ovy7LP59u8ebPL5QoEAmozo5QODw+zLKvdV3E19edgMFh++5TSQCCgBQYAWAMMlNKVPwy9ffvW4/F8+PBhhXUWFxfXrVtXD0l0qp9MJvfu3fvly5fapgIAqE+1OfMXRXHnzp0rr7PCBlPDJKtVHwBgLTEte+b169e3bdvGcdzExER/f//Vq1drGKuuktTPnQIA/GWWvcsWjUY7OjoYhtm1a9e9e/dqt31Xd0lqWB9ftASA/5XanMcAAACUq5f/uwwAAGsPegwAAOgFPQYAAPSCHgMAAHpBjwEAAL2gxwAAgF7QYwAAQC/oMQAAoBf0GAAA0At6DAAA6OVfXgb5o8PDvsAAAAAASUVORK5CYII=) \n--- \n \n**Mirror:** [Click here to view the mirror](<http://1161507.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 14 May, 2020 21:44 GMT \n---|--- \nVulnerability Verified:| 15 May, 2020 09:00 GMT \nWebsite Operator Notified:| 15 May, 2020 09:00 GMT \na. Using the ISO 29147 guidelines| ![](/images/done.png) \n---|--- \nb. Using publicly available security contacts| ![](/images/done.png) \nc. Using Open Bug Bounty notification framework| ![](/images/done.png) \nd. Using security contacts provided by the researcher| ![](/images/done.png) \nPublic Report Published \n[without any technical details]:| 15 May, 2020 09:00 GMT\n", "published": "2020-05-14T21:44:00", "modified": "2020-08-12T21:44:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/1161507/", "reporter": "theotalportista", "references": [], "cvelist": [], "lastseen": "2020-08-20T02:09:15", "viewCount": 4, "enchantments": {"dependencies": {}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.2}, "openbugbounty": {"patchStatus": "unpatched", "mirror": "http://1161507.openbounty.org/mirror/"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645686359, "score": 1659823045}, "_internal": {"score_hash": "18dd393325d1c5ac04c68c27360b8e45"}}