CVE-2025-40673 – DinoRANK Unauthorized Invoice Access

CVE ID : CVE-2025-40673

Published : May 28, 2025, 11:15 a.m. | 27 minutes ago

Description : A Missing Authorization vulnerability has been found in DinoRANK. This
vulnerability allows an attacker to access invoices of any user via
accessing endpoint ‘/facturas/YYYY-MM/SDRYYMM-XXXXX.pdf’ because there
is no access control. The pdf filename can be obtained via OSINT,
insecure network traffic or brute force.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

نوشته های مشابه

CVE-2025-48389 – FreeScout Deserialization Vulnerability (Arbitrary Code Execution)

CVE-2025-48390 – FreeScout Remote Code Injection Vulnerability

CVE-2025-48471 – FreeScout Apache Remote Code Execution Vulnerability

CVE-2025-48472 – FreeScout Access Control Bypass