Submission #556871: codecanyon RISE - Ultimate Project Manager & CRM 3.8.2 Broken/Incorrect Access Control

Information

Title: codecanyon RISE - Ultimate Project Manager & CRM 3.8.2 Broken/Incorrect Access Control
Description: A vulnerability was discovered in RISE - Ultimate Project Manager & CRM that allows an authenticated user to change the profile picture of any other user by exploiting an Insecure Direct Object Reference (IDOR) in the /index.php/team_members/save_profile_image/[user_id] endpoint. The application does not properly validate whether the authenticated user is authorized to update the specified user ID’s profile image, allowing unauthorized modification of user data. This flaw impacts data integrity and may lead to impersonation or disruption of user experience.
Source: ⚠️ https://github.com/L4zyFox/RISE-Ultimate_Project_Manager_e_CRM
User: TheL4zyF0x (UID 84039)
Submission: 11/04/2025 10:06 PM (1 year ago)
Moderation: 21/04/2025 04:17 PM (10 days later)
Status: Accepted
VulDB entry: 305780 [CodeCanyon RISE Ultimate Project Manager 3.8.2 Profile Picture save_profile_image profile_image_file privilege escalation]
Points: 20
