CVE-2025-63562

Medium CVSS: 6.3

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient server-side authorization. Authenticated attackers can call several endpoints and perform create/update/delete actions on resources owned by arbitrary users by manipulating request parameters (e.g., owner or resource id).

Vendor

Summerpearlgroup

Product

Vacation Rental Management Platform

CWE

CWE-284

Yayın Tarihi

2025-10-31 20:15:53

Güncelleme

2025-11-05 19:24:12

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-284 Vacation Rental Management Platform MEDIUM Summerpearlgroup 2025

Referanslar

https://github.com/Stolichnayer/Summer-Pearl-Group-Broken-Access-Control

Benzer Kayıtlar

Medium

CVE-2025-63563

Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate active user sessions…

High

CVE-2025-63561

Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Serv…

Medium

CVE-2025-5183

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as proble…

Medium

CVE-2025-5184

A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been classified…

Medium

CVE-2025-5181

A vulnerability, which was classified as problematic, was found in Summer Pearl Group Vacation Rental Management Platfor…

Medium

CVE-2025-5182

A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as c…