| Title | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Broken Access Control |
|---|---|
| Description | An Insecure Direct Object Reference (IDOR) vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper authorization validation on user-controlled object references. The application fails to verify whether an authenticated user is authorized to access or manipulate specific resources referenced through user-supplied identifiers.<br><br>During security testing, it was observed that an authenticated low-privileged user could modify object identifiers within application requests and gain unauthorized access to resources belonging to other users or privileged functionality. By manipulating predictable identifiers, an attacker can directly access sensitive application objects without proper access restrictions.<br><br>Successful exploitation of this vulnerability may allow unauthorized access to sensitive information, viewing or modification of application resources, unauthorized interaction with privileged functionality, and compromise of data confidentiality and integrity. Depending on the affected endpoint, an attacker may access records or functionality that should only be available to authorized users. |
| Source | https://medium.com/@hemantrajbhati5555/insecure-direct-object-reference-idor-in-user-management-allows-unauthorized-access-and-61fdeb9773a1 |
| User | Hemant Raj Bhati (UID 95613) |
| Submission | 18/05/2026 05:40 PM (25 days ago) |
| Moderation | 05/06/2026 10:17 AM (18 days later) |
| Status | Duplicate |
| VulDB entry | 368366 [SourceCodester Ship Ferry Ticket Reservation System 1.0 /admin/ page privilege escalation] |
| Points | 0 |