Submit #299785: SOURCECODESTER Employee Task Management System 1.0 IDOR

Title: SOURCECODESTER Employee Task Management System 1.0 IDOR
Description: The Employee Task Management System is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in `/update-admin.php`. This issue allows attackers to change the password of any user, including admins, by exploiting the `admin_id` parameter in POST requests. This vulnerability underscores the critical need for strict access controls and validation to ensure that actions such as password updates are performed only by authorized users.
Source: https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-admin.php.md
User: nochizplz (UID 64302)
Submission: 2024-03-16 18:09 (2 years ago)
Moderation: 2024-03-17 09:26 (15 hours later)
Status: Accepted
VulDB Entry: 257079 [SourceCodester Employee Task Management System 1.0 /update-admin.php admin_id privilege escalation]
Points: 20
