CNNVD-202509-3547 Information

CNNVD ID

CNNVD-202509-3547

CVE-2025-55886

  • CNNVD Published: 2025-09-22

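Description (translated from Chinese)

ARD GEC en Ligne is an online service portal of the French company ARD. ARD GEC en Ligne contains a security vulnerability caused by an insecure direct object reference in the fe_uid parameter of the payment history API endpoint, which may lead to unauthorized access to other users' payment history.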

Description (English)

ARD GEC en Ligne is an online service portal for ARD, France. ARD GEC en Ligne has a security vulnerability that stems from an insecure direct object reference (IDOR) in the fe_uid parameter of the payment history API endpoint, which may lead to unauthorized access to the payment history of other users.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

ARD

Published

2025-09-22

Last Modified

2026-02-24

References

  • https://services.ard.fr
  • https://github.com/0xZeroSec/CVE-2025-55886
  • https://access.redhat.com/security/cve/cve-2025-55886
