Invia #287398: SourceCodester Employee Management System 1.0 IDORinformazioni

TitoloSourceCodester Employee Management System 1.0 IDOR
DescrizioneA critical Insecure Direct Object Reference (IDOR) vulnerability exists in the SourceCodester Employee Management System's myprofile.php script. By manipulating the id parameter in the URL, attackers can access other employees' profiles without proper authorization, potentially exposing sensitive information. This flaw could lead to unauthorized disclosure of personal details or salary data, posing a significant privacy risk and potential compliance violations. Remediation involves implementing robust access controls and encryption measures to restrict access to authorized users and protect sensitive information from unauthorized disclosure.
Fonte⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/IDOR%20Employee%20Profile.md
Utente
 nochizplz (UID 64302)
Sottomissione24/02/2024 12:07 (2 anni fa)
Moderazione25/02/2024 19:30 (1 day later)
StatoAccettato
Voce VulDB254726 [SourceCodester Employee Management System 1.0 /myprofile.php ID iniezione SQL]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!