Submit #458895: Dromara UJCMS 9.6.3 Insecure Direct Object Reference (IDOR)

Title: Dromara UJCMS 9.6.3 Insecure Direct Object Reference (IDOR)
Description: An Insecure Direct Object Reference (IDOR) vulnerability was discovered in UJCMS version 9.6.3 that allows unauthenticated enumeration of usernames through the manipulation of the user id parameter in the /users/id endpoint. While the user IDs are generally large numbers (e.g., 69278363520885761), with the exception of the admin and anonymous accounts, unauthenticated attackers can still systematically discover usernames of existing accounts.
Source: ⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/IDOR-UsernameEnumeration.md
User: vastzero (UID 78767)
Submission: 08.12.2024 13:33 (2 years ago)
Moderation: 11.12.2024 13:37 (3 days later)
Status: Accepted
VulDB entry: 287865 [Dromara UJCMS up to 9.6.3 User ID /users/id privilege escalation]
Points: 20
