| عنوان | sourcecodester Computer Laboratory Management System 1.0 Insecure direct object references(IDOR) |
|---|
| الوصف | The vulnerability discovered in the Users.php script of the PHP-LMS (Learning Management System) application allows an attacker to exploit Insecure Direct Object References (IDOR) to unauthorizedly access and manipulate profile pictures of users, including administrators. By manipulating the id parameter in the HTTP request sent to the save_users function, an attacker can bypass access controls and modify the profile picture of any user by specifying their ID. This vulnerability poses a significant risk to the confidentiality and integrity of user data, potentially leading to reputational damage, unauthorized access, and further exploitation of the system.
|
|---|
| المصدر | ⚠️ https://github.com/Sospiro014/zday1/blob/main/Laboratory_Management_System.md |
|---|
| المستخدم | SoSPiro (UID 67134) |
|---|
| ارسال | 01/04/2024 12:10 PM (2 سنوات منذ) |
|---|
| الاعتدال | 01/04/2024 07:42 PM (8 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 258914 [SourceCodester Computer Laboratory Management System 1.0 Users.php?f=save save_users معرف تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|