Invoice System
Improper authorization in Sushmi-pal Invoice-System (up to commit a0a3faa16dee2621b231ae227333f5761607283b) enables authenticated low-privileged users to manipulate the `ID` parameter on the `/profile` endpoint to access or modify profile records belonging to other users - a classic horizontal privilege escalation pattern. The CVSS 4.0 score is 2.1 (Low), reflecting constrained integrity-only impact with no confidentiality or availability consequence, and a proof-of-concept exploit has been publicly disclosed on GitHub. No patch exists; the vendor did not respond to responsible disclosure, and no active exploitation is recorded in CISA KEV.
Improper authorization in Sushmi-pal Invoice-System exposes its User Management Handler to privilege escalation by authenticated remote attackers who manipulate the `role` argument on the `/user` endpoint. Affected instances include all code up to commit a0a3faa16dee2621b231ae227333f5761607283b; the project uses a rolling release model with no discrete versioning. A publicly available proof-of-concept exploit exists on GitHub, though EPSS sits at just 0.03% and SSVC rates the attack as non-automatable with only partial technical impact - no confirmed active exploitation (CISA KEV) has been identified.
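Both findings above are missing server-side authorization checks: the `/profile` handler trusts the client's `ID`, and the `/user` handler trusts the client's `role`. The following is an added illustration, not Invoice-System code; the session shape, role names and in-memory store are assumptions, and it places the unchecked profile handler beside hardened handlers for both endpoints.

```python
# Added example (not from Invoice-System): object-level and role checks for
# the /profile and /user patterns described above. Session shape, role names
# and the in-memory records are constructed assumptions.
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not touch the requested record."""


@dataclass
class Session:
    user_id: int
    role: str  # assumed values: "user" or "admin"


# Constructed stand-in for the application's database tables.
PROFILES = {1: {"name": "alice"}, 2: {"name": "bob"}}
USERS = {1: {"role": "user", "email": "a@x"}, 2: {"role": "user", "email": "b@x"},
         9: {"role": "admin", "email": "root@x"}}


def vulnerable_profile_update(session: Session, params: dict) -> dict:
    # Honours the client-supplied ID: any authenticated user edits any profile.
    target = int(params["ID"])
    PROFILES[target]["name"] = params["name"]
    return PROFILES[target]


def profile_update(session: Session, params: dict) -> dict:
    # Object-level check: the record must belong to the caller unless admin.
    target = int(params["ID"])
    if target != session.user_id and session.role != "admin":
        raise Forbidden(f"profile {target} is not owned by user {session.user_id}")
    PROFILES[target]["name"] = params["name"]
    return PROFILES[target]


def user_update(session: Session, params: dict) -> dict:
    # Same ownership rule, plus: only admins may set `role`; a non-admin
    # sending `role` is rejected rather than silently promoted.
    target = int(params["ID"])
    if target != session.user_id and session.role != "admin":
        raise Forbidden(f"user {target} is not owned by user {session.user_id}")
    if "role" in params:
        if session.role != "admin":
            raise Forbidden("role changes require an admin session")
        if params["role"] not in ("user", "admin"):
            raise ValueError("unknown role")
        USERS[target]["role"] = params["role"]
    if "email" in params:
        USERS[target]["email"] = params["email"]
    return USERS[target]


def denied(handler, session: Session, params: dict) -> bool:
    # Small probe used to show which handlers refuse a cross-user request.
    try:
        handler(session, params)
        return False
    except Forbidden:
        return True
```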