MysteryVibe DVE Reports

MysteryVibe

Website: https://www.mysteryvibe.com/
Vulnerability disclosure address: bug-report@mysteryvibe.com
Status: Supporter, working on partnership

DVE-2017-24

  • Date Posted:4/2/2017
  • Type of Vulnerability: Unauthenticated website administrative function
  • Products affected: https://mysteryvibe.com/
  • Found and reported by: RenderMan
  • Date Reported: 3/30/2017
  • Description: The “Testimonials” control panel on the mysteryvibe.com website is exposed publicly and unauthenticated. Anyone who finds it can add, delete, or edit the testimonials featured on the website and cause reputation damage
  • Remediation: The Testimonials control panel has been moved to a protected part of the site and is no longer exposed