Discovered by Jake Cleland on behalf of The Missing Link Security
MicroRealEstate is vulnerable to an insecure direct object reference (IDOR) vulnerability in which tenants can view invoices from any existing user without authorisation. This disclosed personally identifiable information such as full names and addresses of other users as well as specific details about other users' rental terms.
Fixed Versions:
N/A