
Aida-Web Information Exposure

Hi list,

Parameters transferred via $_GET aren't sanitised properly.


Everyone can read any comment and its poster, although it should be
readable only by superiors.

You can see which supervisor the task was forwarded to and their UniqueIDs.

Anyway, everything acts really strangely if you try to test something.
Out of 10 tries, you get:
8x all the information you want to get
1x a weird name instead of the real one
1x an error page like 404, "session timed out", blank site, ...

For all these tests it is not necessary to be logged in.
There might be a lot more bugs, but I can't look for them on a live system :(

Vendor: http://www.aida-orga.de/ 
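The two problems the post describes (a $_GET parameter used without validation, and comment pages served to anyone, logged in or not) are two defects of the same request handler. The PHP below is an added example written for this page; it is not Aida-Web's code. It shows the defective handler next to a hardened one that validates the parameter type, requires a session, and checks that the caller is the poster or the supervisor before the row is returned. The `comments` table layout, the `$_SESSION` keys, the `require_login` / `user_can_view_comment` helpers and the "poster or supervisor only" rule are all assumptions chosen to match the post's description.

```php
<?php
// Added example, not Aida-Web's code. Schema, session layout and the
// authorization rule are assumptions made for illustration.

// --- Defective pattern (the behaviour the post reports) ------------------
function show_comment_insecure(PDO $db): void
{
    // No login check, no type check: any visitor supplying any id gets the row.
    $id  = $_GET['id'];
    $row = $db->query("SELECT poster, body FROM comments WHERE id = $id")->fetch();
    echo htmlspecialchars($row['poster']) . ': ' . htmlspecialchars($row['body']);
}

// --- Hardened pattern ----------------------------------------------------
function require_login(): array
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Assumed session keys: user_id and role are set at login.
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        exit('Login required');
    }
    return [
        'id'   => (int) $_SESSION['user_id'],
        'role' => $_SESSION['role'] ?? 'employee',
    ];
}

function user_can_view_comment(PDO $db, array $user, int $commentId): bool
{
    // Assumed rule matching the post: only the poster and the supervisor the
    // task was forwarded to may read a comment. The check is done per object,
    // so knowing a valid id is not enough on its own.
    $stmt = $db->prepare('SELECT poster_id, supervisor_id FROM comments WHERE id = :id');
    $stmt->execute([':id' => $commentId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown id is treated like a forbidden one (same 403)
    }
    return $user['id'] === (int) $row['poster_id']
        || $user['id'] === (int) $row['supervisor_id'];
}

function show_comment_secure(PDO $db): void
{
    $user = require_login();

    // Validate the type and range of the parameter before it reaches the query.
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('Bad request');
    }

    if (!user_can_view_comment($db, $user, $id)) {
        http_response_code(403);
        // Denied object accesses are worth logging: a run of them from one
        // session is the signature of someone enumerating ids.
        error_log("denied comment view: user={$user['id']} comment={$id}");
        exit('Forbidden');
    }

    // Bound parameter, so the value can never alter the statement.
    $stmt = $db->prepare('SELECT poster, body FROM comments WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    echo htmlspecialchars($row['poster'], ENT_QUOTES, 'UTF-8') . ': '
       . htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8');
}
```

The order of the checks matters: authentication first, then parameter validation, then the per-object authorization lookup, and only then the data query. Returning the same 403 for "not yours" and "does not exist" keeps the handler from confirming which ids are valid, which is the leak the post's "weird name" and error-page responses hint at.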

