CVE-2015-2858
The CVE-2015-2858 issue affects the Datalex airline booking software (pre-2015-09-03) and stems from an authorization-check bypass in how the application processes the profileId parameter. By modifying profileId in POST requests to ValidateFormAction.do or ProfileConfirmEditAddressAction.do, an a...