Multiple vulnerabilities in Qualifio's Wheel of Fortune
Posted date 21/01/2025
Identifier
INCIBE-2025-0028
Importance
3 - Medium
Affected Resources
- Wheel of fortune
Description
INCIBE has coordinated the publication of 2 medium severity vulnerabilities affecting Qualifio's Wheel of Fortune, which have been discovered by Aldayr Ruiz (xsmaky).
The code assigned to each vulnerability, together with its CVSS v3.1 base score, CVSS vector and CWE vulnerability type, is as follows:
- CVE-2025-0614 and CVE-2025-0615: CVSS v3.1: 5.3 | CVSS AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | CWE-22.
Solution
The reported vulnerabilities have been resolved by Qualifio.
Detail
- CVE-2025-0614: input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability could allow an attacker to modify a single email to contain upper and lower case characters in order to access the application and win prizes as many times as wanted.
- CVE-2025-0615: input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability allows an attacker to modify an email to contain the ‘+’ symbol to access the application and win prizes as many times as wanted.
Although Qualifio has addressed the reported bugs, they do not consider them to be vulnerabilities.
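The following sketch shows one way to enforce a single participation per address against both variants described above. It is an added example, not Qualifio's code or fix; the names `canonical_email` and `ParticipationRegistry` are hypothetical, and it assumes that mailbox names are case-insensitive and that a `+tag` suffix delivers to the same inbox.

```python
import unicodedata


def canonical_email(raw):
    """Return the key used for one-entry-per-address checks, or None if invalid.

    Assumptions (not from the advisory): mailbox names are case-insensitive
    and '+tag' suffixes reach the same inbox, as at most large providers.
    """
    # NFKC folds look-alikes such as fullwidth plus (U+FF0B) to ASCII first.
    addr = unicodedata.normalize("NFKC", raw).strip()
    if addr.count("@") != 1 or any(ch.isspace() for ch in addr):
        return None  # simplification: quoted local parts are rejected
    local, domain = addr.split("@")
    local = local.split("+", 1)[0].casefold()   # drop '+tag' (CVE-2025-0615)
    domain = domain.rstrip(".").casefold()      # casefold both parts (CVE-2025-0614)
    if not local or "." not in domain:
        return None
    return f"{local}@{domain}"


class ParticipationRegistry:
    """In-memory stand-in for a UNIQUE index on the canonical address."""

    def __init__(self):
        self._played = set()

    def try_register(self, raw_email):
        key = canonical_email(raw_email)
        if key is None or key in self._played:
            return False
        self._played.add(key)  # store raw_email separately for delivery
        return True


# Constructed sample input: one address resubmitted in the forms described.
ATTEMPTS = ["alice@example.com", "Alice@Example.com", "ALICE@EXAMPLE.COM",
            "alice+1@example.com", "alice+spin2@example.com",
            "bob@example.com", "not-an-email"]


def replay(attempts):
    """Feed attempts to a fresh registry; True means the entry was accepted."""
    registry = ParticipationRegistry()
    return [registry.try_register(a) for a in attempts]


if __name__ == "__main__":
    for addr, ok in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(f"{addr!r:30} {'accepted' if ok else 'rejected'}")
```

The canonical key is used only for the uniqueness check; the address as entered is still the one to which mail is sent.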