← Volver a CVEs
CVE-2026-23843
HIGH7.1
Descripcion
teklifolustur_app is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference (IDOR) vulnerability exists in the offer view functionality. Authenticated users can manipulate the offer_id parameter to access offers belonging to other users. The issue is caused by missing authorization checks ensuring that the requested offer belonged to the currently authenticated user. Commit dd082a134a225b8dcd401b6224eead4fb183ea1c contains a patch.
Detalles CVE
Puntuacion CVSS v3.17.1
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado1/19/2026
Ultima modificacion1/26/2026
Fuentenvd
Avistamientos honeypot0
Debilidades (CWE)
CWE-639
Referencias
https://github.com/sibercii6-crypto/teklifolustur_app/commit/dd082a134a225b8dcd401b6224eead4fb183ea1c(security-advisories@github.com)
https://github.com/sibercii6-crypto/teklifolustur_app/security/advisories/GHSA-6h9r-mmg3-cg7m(security-advisories@github.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.