Submission #680788: Evershop <= v2.0.1 Insecure Direct Object Reference

Title: Evershop <= v2.0.1 Insecure Direct Object Reference
Description: A critical authorization vulnerability has been identified in EverShop's GraphQL API that allows any unauthenticated user to access complete order information, including customer personally identifiable information (PII), shipping addresses, billing details, and purchase history. This is a textbook Insecure Direct Object Reference (IDOR) vulnerability where the application fails to verify whether the requesting user has permission to access the requested order data.
Source: https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md
User: ictrun (UID 83482)
Submission: 2025-10-23 01:17 (6 months ago)
Moderation: 2025-11-09 07:29 (17 days later)
Status: Accepted
VulDB Entry: 331639 [EverShop up to 2.0.1 Order Order.resolvers.js uuid privilege escalation]
Points: 20
