FirstBlood-#836 — Information of patients who have uploaded a vaccination certificate is publicly exposed on endpoint /vaccination-manager/api/vax-proof-list.php
This issue was discovered on FirstBlood v2.
On 2021-10-29, vishal Level 2 reported:
Description: Information of patients who have uploaded a vaccination certificate is publicly exposed on the endpoint /vaccination-manager/api/vax-proof-list.php
Steps to Reproduce:
- Visit /vaccination-manager/api.php (found by gobuster).
- I noticed an interesting endpoint here: /vaccination-manager/api/vax-proof-list.php. Let's go there. Lots of private info such as IP, email, and vaccination certificate is exposed here.
- The vaccination certificate can be accessed by adding the proof jpg file path obtained above after /upload/, like I did here.
Impact: User private info (IP, email, vaccination certificate) is exposed publicly.
Let me know if anything is required.
Thanks and regards, vishal
P1 CRITICAL
Endpoint: vaccination-manager/api/vax-proof-list.php
Parameter: none
Payload: none
FirstBlood ID: 31
Vulnerability Type: Information leak/disclosure
The endpoint api.php can be found under the vaccination manager portal directory; it allows for user interaction and results in a PII leak on vax-proof-list.php.
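A regression check a defender could run against responses fetched without credentials, flagging the three data types the report lists (IP, email, proof file). This is an added example, not code from FirstBlood or the report; the response format, the sample bodies and the function names are assumptions.

```python
import re

# Patterns for the three data types the report lists as exposed.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ipv4": re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
    # Assumption: proof uploads are referenced by image file name.
    "proof_file": re.compile(r"[\w./-]+\.(?:jpe?g|png)\b", re.IGNORECASE),
}

# Constructed sample bodies (not captured from the real application).
SAMPLE_LEAKY = '[{"email":"patient@example.com","ip":"203.0.113.7","proof":"proof_0001.jpg"}]'
SAMPLE_DENIED = '{"error":"authentication required"}'


def _is_ipv4(text):
    # Reject dotted numbers whose octets exceed 255 (e.g. version strings).
    return all(int(part) <= 255 for part in text.split("."))


def find_pii(body):
    """Map each PII category to the distinct values found in body."""
    hits = {}
    for name, pattern in PATTERNS.items():
        values = sorted(set(pattern.findall(body)))
        if name == "ipv4":
            values = [v for v in values if _is_ipv4(v)]
        if values:
            hits[name] = values
    return hits


def audit_anonymous_response(status, body):
    """Return the PII categories leaked by a response fetched without credentials."""
    if status in (401, 403):
        return []  # access was refused, so nothing was disclosed
    return sorted(find_pii(body))


if __name__ == "__main__":
    print(audit_anonymous_response(200, SAMPLE_LEAKY))
    print(audit_anonymous_response(401, SAMPLE_DENIED))
```

An empty list for every API path requested without a session is the passing condition; any category name in the result means the endpoint needs an authorization check before it returns data.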