An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense (WebTE) interface used for Microsoft Dynamics NAV prior to 2017 allows a malicious user to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment function.
Vulnerable Product |
---|
xtivia web time and expense |
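
The flaw described above is a download handler that resolves an attachment from client-supplied identifiers without checking who is asking. The following is an added example, not code from WebTE or Xtivia: the data model, user names and function names are hypothetical, and only the recId/filename parameter pair comes from the description.

```python
# Added illustration: hypothetical data model, not the WebTE code base.
from dataclasses import dataclass


class AccessDenied(Exception):
    """Raised for every refusal so callers cannot tell 'missing' from 'forbidden'."""


@dataclass(frozen=True)
class Attachment:
    rec_id: int
    filename: str
    owner: str       # user who owns the parent expense record
    content: bytes


# Constructed sample data standing in for the application's attachment table.
ATTACHMENTS = {
    (101, "receipt.pdf"): Attachment(101, "receipt.pdf", "alice", b"alice-receipt"),
    (202, "hotel.pdf"): Attachment(202, "hotel.pdf", "bob", b"bob-hotel"),
}


def get_attachment_unsafe(rec_id, filename):
    """IDOR pattern: the lookup trusts the two client-supplied values alone."""
    return ATTACHMENTS[(rec_id, filename)].content


def get_attachment(session_user, rec_id, filename):
    """Hardened lookup: the session identity decides access, not the parameters."""
    # Accept only a bare file name; never build a filesystem path from input.
    if not filename or any(c in filename for c in "/\\\x00") or filename in (".", ".."):
        raise AccessDenied("invalid attachment reference")
    att = ATTACHMENTS.get((rec_id, filename))
    # Same error for 'no such attachment' and 'not yours' to avoid an ID oracle.
    if att is None or att.owner != session_user:
        raise AccessDenied("invalid attachment reference")
    return att.content


def is_allowed(session_user, rec_id, filename):
    """Convenience wrapper returning True/False instead of raising."""
    try:
        get_attachment(session_user, rec_id, filename)
        return True
    except AccessDenied:
        return False
```

The `session_user` argument must come from the authenticated server-side session, never from a request parameter.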