| Titolo | CampCodes School Management Software 1.0 Insecure Direct Object Reference (IDOR) |
|---|
| Descrizione | Vendor and Product Information:
Vendor: CampCodes
Product: School Management Software
Product URL: https://www.campcodes.com/downloads/school-management-software-in-php-mysql-full-source-code/
Vulnerability Name: Insecure Direct Object Reference (IDOR) - All Student Homework Downloadable
Description:
The students of different classes using the application have option to upload their respective HomeWorks. However, it was observed that student and homework have unique ID’s which are sequential and guessable. It makes it easy for one student from one class to download homework done by another student of another class. |
|---|
| Fonte | ⚠️ https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Insecure%20Direct%20Object%20Reference%20(IDOR)%20-%20All%20Student%20Homework%20Downloadable.pdf |
|---|
| Utente | khukuririmal (UID 80171) |
|---|
| Sottomissione | 18/01/2025 12:36 (1 Anno fa) |
|---|
| Moderazione | 21/01/2025 18:27 (3 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 292737 [CampCodes School Management Software 1.0 Attachment escalationi di privilegi] |
|---|
| Punti | 20 |
|---|