SQL INJECTION, leaking of personal data + server misconfiguration lead to unauthorized access
BROKEN ACCESS CONTROL leads to leak of all users' sensitive data in Company database, including emails
IDOR: Get all invoices of any Customer
Get personal information of workers
Extract all user emails ending with (@company.com), with names, in DB of Company users
Export Subscription Application Instance List (with internal host) and SupportCompanySearchCustomers
FULL access to all CUSTOMERS' information, including emails for all users in Company database
External Guest without permission Can View pinned-collections Lists
External Guest without permission Can Share any collection with any user
External Guest Can View all projects in the company