| Title | e4sistemas Mercatus ERP v 2.00.019 Insecure Direct Object Reference (IDOR) |
|---|
| Description | Mercatus ERP is an ERP program for autonomous markets. The application contains an IDOR vulnerability when generating purchase invoices. We can perform a test on the endpoint below: by changing only the ID, it is possible to access invoices from other people who made purchases in autonomous markets.
Endpoint: https://expressfoods.mercatus.net.br/basico/webservice/imprimir-danfe/id/1957650
By changing the ID to another, we will have access to another invoice:
https://expressfoods.mercatus.net.br/basico/webservice/imprimir-danfe/id/1957651
|
|---|
| Source | ⚠️ https://example.com/basico/webservice/imprimir-danfe/id/1957650 |
|---|
| User | cadeolog (UID 89138) |
|---|
| Submission | 18/08/2025 04:15 AM (8 months ago) |
|---|
| Moderation | 28/08/2025 08:41 PM (11 days later) |
|---|
| Status | Approved |
|---|
| VulDB Entry | 321790 [E4 Sistemas Mercatus ERP 2.00.019 id privilege escalation] |
|---|
| Points | 20 |
|---|