CVE-2025-55886

Description

An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the fe_uid parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization.

Affected Component

https://services.ard.fr/?eID=tx_afereload_records&_dc=1743696277812&fe_uid={USERID]&startTimestamp=1741017877&endTimestamp=1743782677&mobile=1&page=1&start=0&limit=100

Affected Product Code Base

ARD GEC en Ligne - Not versioned - Patched on 2025-04-23

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2025-55886

Description

Affected Component

Affected Product Code Base

Reseachers

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

CVE-2025-55886

Description

Affected Component

Affected Product Code Base

Reseachers

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Packages