| Título | sourcecodester Computer Laboratory Management System 1.0 Insecure direct object references(IDOR) |
|---|
| Descripción | The vulnerability discovered in the Users.php script of the PHP-LMS (Learning Management System) application allows an attacker to exploit Insecure Direct Object References (IDOR) to unauthorizedly access and manipulate profile pictures of users, including administrators. By manipulating the id parameter in the HTTP request sent to the save_users function, an attacker can bypass access controls and modify the profile picture of any user by specifying their ID. This vulnerability poses a significant risk to the confidentiality and integrity of user data, potentially leading to reputational damage, unauthorized access, and further exploitation of the system.
|
|---|
| Fuente | ⚠️ https://github.com/Sospiro014/zday1/blob/main/Laboratory_Management_System.md |
|---|
| Usuario | SoSPiro (UID 67134) |
|---|
| Sumisión | 2024-04-01 12:10 (hace 2 años) |
|---|
| Moderación | 2024-04-01 19:42 (8 hours later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 258914 [SourceCodester Computer Laboratory Management System 1.0 Users.php?f=save save_users ID escalada de privilegios] |
|---|
| Puntos | 20 |
|---|