Home > Vulnerability Database > CVE-2026-23843

Mend.io Vulnerability Database

CVE-2026-23843

Good to know:

Date: January 19, 2026

teklifolustur_app is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference (IDOR) vulnerability exists in the offer view functionality. Authenticated users can manipulate the offer_id parameter to access offers belonging to other users. The issue is caused by missing authorization checks ensuring that the requested offer belonged to the currently authenticated user. Commit dd082a134a225b8dcd401b6224eead4fb183ea1c contains a patch.

Severity Score

7.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-23843

Url: https://github.com/sibercii6-crypto/teklifolustur_app/security/advisories/GHSA-6h9r-mmg3-cg7m

Url: https://github.com/sibercii6-crypto/teklifolustur_app/commit/dd082a134a225b8dcd401b6224eead4fb183ea1c

Url: https://www.mend.io/vulnerability-database/CVE-2026-23843

Severity Score

7.1

Weakness Type (CWE)

Authorization Bypass Through User-Controlled Key

CWE-639

CVSS v3.1

Base Score:	7.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-23843

Good to know:

Date: January 19, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?