- Description
- Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the administrative interface and premium features by tampering the boolean value of parameters "isAdmin" and "isPremium" located on device storage.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:testes-codigo:testes_de_codigo:*:*:*:*:*:android:*:*",
"vulnerable": true,
"matchCriteriaId": "706D1B98-0971-4FF6-BBC1-98430941EEAB",
"versionEndIncluding": "11.4"
},
{
"criteria": "cpe:2.3:a:testes-codigo:testes_de_codigo:*:*:*:*:*:iphone_os:*:*",
"vulnerable": true,
"matchCriteriaId": "74ACB733-28D4-40C2-9752-8A6638D0F972",
"versionEndIncluding": "11.4"
}
],
"operator": "OR"
}
]
}
]