12 matches found
CVE-2023-40362
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...
CVE-2023-40362
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...
Design/Logic Flaw
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...
CVE-2023-40362
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...
CVE-2023-40362
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known...
CVE-2023-40362
CVE-2023-40362 concerns CentralSquare Click2Gov Building Permit prior to October 2023, where a lack of authorization protections lets an attacker delete contractors from another user’s account if they know the victim’s user ID and contractor details. Connected sources confirm the vulnerability ex...
PT-2023-27412 · Centralsquare · Centralsquare Click2Gov Building Permit
Name of the Vulnerable Software and Affected Versions: CentralSquare Click2Gov Building Permit versions prior to October 2023 Description: An issue was discovered in CentralSquare Click2Gov Building Permit, where lack of access control protections allows remote attackers to arbitrarily delete...
8 U.S. City Websites Targeted in Magecart Attacks
Researchers are warning that the websites of eight U.S. cities – across three states – have been compromised with payment card-stealing Magecart skimmers. The websites all utilize Click2Gov municipality payment software, which was previously involved in data breaches. Unlike other skimmers, which...
Hackers Hit Click2Gov Bill-Paying Portals in 8 Cities
The new wave of attacks comes after a previous Click2Gov hack compromised 300,000 payment cards...
Payment Card Breach Hits 8 Cities Using Vulnerable Bill Portal
A vulnerable municipality payment software, which previously led to the breach of hundreds of thousands of payment cards in 2017, has been targeted once again. This time it was part of a breach involving of eight cities in August. The hack targets a flaw in Click2Gov software, which is used in...
Patched Click2Gov Flaw Still Afflicting Local Govs
A vulnerability in a popular municipality payment software, Click2Gov, has left hundreds of thousands of civilian payment cards compromised – and the hacks are ongoing, a new report found. Continual breaches of the vulnerable software have led to the compromise of at least 294,929 payment cards...
Click It Up: Targeting Local Government Payment Portals
FireEye has been tracking a campaign this year targeting web payment portals that involves on-premise installations of Click2Gov. Click2Gov is a web-based, interactive self-service bill-pay software solution developed by Superion. It includes various modules that allow users to pay bills associat...