CVE-2026-23843 (CNNVD-202601-3010)
Chinese title:
Teklif Yönetim Sistemi security vulnerability
English title:
teklifolustur_app's IDOR vulnerability allows unauthorized access to other users' offers
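Vulnerability description
Chinese description:
Teklif Yönetim Sistemi is software by the individual developer sibercii6-crypto for managing and tracking customer quotes. Teklif Yönetim Sistemi contains a security vulnerability caused by a missing authorization check in the offer view functionality, which may allow authenticated users to access other users' offers.
English description: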
teklifolustur_app is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference (IDOR) vulnerability exists in the offer view functionality. Authenticated users can manipulate the offer_id parameter to access offers belonging to other users. The issue is caused by missing authorization checks ensuring that the requested offer belonged to the currently authenticated user. Commit dd082a134a225b8dcd401b6224eead4fb183ea1c contains a patch.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| sibercii6-crypto | teklifolustur_app | < dd082a134a225b8dcd401b6224eead4fb183ea1c | - | - | cpe:2.3:a:sibercii6-crypto:teklifolustur_app:<_dd082a134a225b8dcd401b6224eead4fb183ea1c:*:*:*:*:*:*:* |
Solution
Chinese solution:
English solution:
Temporary workaround:
CVSS score details
3.1 (cna)
HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Time information
Exploitation information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2026-23843 | 2026-01-20 02:19:58 | 2026-01-19 19:10:35 |
| NVD | nvd_CVE-2026-23843 | 2026-01-20 03:00:05 | 2026-01-19 19:10:38 |
| CNNVD | cnnvd_CNNVD-202601-3010 | 2026-01-26 02:10:03 | 2026-01-25 18:11:53 |
Versions and languages
Security advisories
Change history
View detailed changes
- vulnerability_type: not extracted -> other
- cnnvd_id: not extracted -> CNNVD-202601-3010
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- data_sources: ['cve'] -> ['cve', 'nvd']