Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NPhone Shop Sales Management System Project Phone Shop Sales Management System
APPPhone Shop Sales Management System Project1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
IDOR
CWE
Powiązane podatności
CVE-2021-36560CRITICAL9.8ten sam produkt
Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass whic...
CVE-2021-36623CRITICAL9.8ten sam produkt
Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
CVE-2021-36624CRITICAL9.8ten sam produkt
Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerabili...