Submit #458895: Dromara UJCMS 9.6.3 Insecure Direct Object Reference (IDOR)

Title: Dromara UJCMS 9.6.3 Insecure Direct Object Reference (IDOR)
Description: An Insecure Direct Object Reference (IDOR) vulnerability was discovered in UJCMS version 9.6.3 that allows unauthenticated enumeration of usernames through the manipulation of the user id parameter in the /users/id endpoint. While the user IDs are generally large numbers (e.g., 69278363520885761), with the exception of the admin and anonymous accounts, unauthenticated attackers can still systematically discover usernames of existing accounts.
Source: https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/IDOR-UsernameEnumeration.md
User: vastzero (UID 78767)
Submission: 08/12/2024 13:33 (2 years ago)
Moderation: 11/12/2024 13:37 (3 days later)
Status: Accepted
VulDB entry: 287865 [Dromara UJCMS up to 9.6.3 User ID /users/id privilege escalation]
Points: 20
