Medium severity6.5NVD Advisory· Published Nov 28, 2022· Updated Jun 17, 2026
CVE-2022-24189
CVE-2022-24189
Description
The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers and enumerate information of all other end-users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Ourphoto/Ourphoto Appdescription
Patches
Vulnerability mechanics
References
1- www.scrawledsecurityblog.com/2022/11/automating-unsolicited-richard-pics.htmlnvdExploitTechnical DescriptionThird Party Advisory
News mentions
0No linked articles in our index yet.