Appspace 6.2.4 is vulnerable to a broken authentication mechanism where pages such as /medianet/mail.aspx can be called directly and the framework is exposed with layouts, menus and functionalities.Referenceshttp://appspace.comhttps://github.com/syedsohaibkarim/PoC-BrokenAuth-AppSpace6.2.4
