View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0027262||mantisbt||security||public||2020-09-08 22:50||2020-12-30 08:33|
|Platform||Windows||OS||Windows||OS Version||Windows 10|
|Summary||0027262: Private files can be downloaded by attacker|
Though this issue seems to be a functionality, the attacker can abuse this and view/download the private files due to a guessable id (increment_id).
|Steps To Reproduce|
I tested this issue with viewer permission and it seems that it validates the endpoint.
|Tags||No tags attached.|
Thanks for your report. This issue has been reported previously (0027039) but as the issue is private you do not currently have access to it.