| عنوان | SourceCodester Employee Management System 1.0 IDOR |
|---|
| الوصف | A critical Insecure Direct Object Reference (IDOR) vulnerability exists in the SourceCodester Employee Management System's myprofile.php script. By manipulating the id parameter in the URL, attackers can access other employees' profiles without proper authorization, potentially exposing sensitive information. This flaw could lead to unauthorized disclosure of personal details or salary data, posing a significant privacy risk and potential compliance violations. Remediation involves implementing robust access controls and encryption measures to restrict access to authorized users and protect sensitive information from unauthorized disclosure. |
|---|
| المصدر | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/IDOR%20Employee%20Profile.md |
|---|
| المستخدم | nochizplz (UID 64302) |
|---|
| ارسال | 24/02/2024 12:07 PM (2 سنوات منذ) |
|---|
| الاعتدال | 25/02/2024 07:30 PM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 254726 [SourceCodester Employee Management System 1.0 /myprofile.php معرف حقن SQL] |
|---|
| النقاط | 20 |
|---|