| शीर्षक | Sushmi-pal Invoice-System 1.0 Insecure Direct Object Reference (IDOR) |
|---|
| विवरण | An Insecure Direct Object Reference (IDOR) vulnerability exists in version 1.0 of the Invoice System in Laravel application. The vulnerability is present in the /profile/{id} endpoint, which fails to properly enforce authorization checks on user-supplied object identifiers.
The application directly uses the id parameter from the request path to retrieve and update user profile data without verifying whether the requested resource belongs to the currently authenticated user. As a result, an attacker with a valid account can manipulate the id value to access or modify other users’ profiles.
|
|---|
| स्रोत | ⚠️ https://gist.github.com/c4ttr4ck/c35c134709743deb7dfad5b878295402 |
|---|
| उपयोगकर्ता | c4ttr4ck (UID 75518) |
|---|
| सबमिशन | 26/04/2026 11:09 PM (1 महीना पहले) |
|---|
| संयम | 24/05/2026 08:33 AM (27 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 365391 [Sushmi-pal Invoice-System तक a0a3faa16dee2621b231ae227333f5761607283b Profile Workflow /profile पहचान अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|