| Titel | SourceCodester Employee Management System 1.0 IDOR |
|---|
| Beschreibung | A critical Insecure Direct Object Reference (IDOR) vulnerability exists in the SourceCodester Employee Management System's myprofile.php script. By manipulating the id parameter in the URL, attackers can access other employees' profiles without proper authorization, potentially exposing sensitive information. This flaw could lead to unauthorized disclosure of personal details or salary data, posing a significant privacy risk and potential compliance violations. Remediation involves implementing robust access controls and encryption measures to restrict access to authorized users and protect sensitive information from unauthorized disclosure. |
|---|
| Quelle | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/IDOR%20Employee%20Profile.md |
|---|
| Benutzer | nochizplz (UID 64302) |
|---|
| Einreichung | 24.02.2024 12:07 (vor 2 Jahren) |
|---|
| Moderieren | 25.02.2024 19:30 (1 day later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 254726 [SourceCodester Employee Management System 1.0 /myprofile.php ID SQL Injection] |
|---|
| Punkte | 20 |
|---|