CVE-2023-36238

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-36238

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-36238.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-36238

Aliases

GHSA-pmc7-hmmw-g96q

Published

2024-03-13T21:15:53Z

Modified

2025-04-15T03:07:22.107811Z

Summary

[none]

Details

Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter.

References

https://github.com/Ek-Saini/security/blob/main/IDOR-Bagisto

Affected packages

Git / github.com/bagisto/bagisto

Affected ranges

Type: GIT
Repo: https://github.com/bagisto/bagisto
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

5ac164c8b818d54da01e2633f91cbde40dcb124f

Affected versions

1.*

1.4.0

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.1.4

v0.1.4-BETA1

v0.1.4-BETA2

v0.1.4-BETA3

v0.1.4-BETA4

v0.1.5

v0.1.6

v0.1.6-ALPHA1

v0.1.7

v0.1.7-BETA1

v0.1.7-BETA2

v0.1.8

v1.*

v1.0.0

v1.0.0-BETA1

v1.1.0

v1.1.1

v1.1.2

v1.2.0

v1.2.0-BETA1

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.4.4

v1.4.5

v1.5.0

v1.5.1