| タイトル | sourcecodester Computer Laboratory Management System 1.0 Insecure direct object references(IDOR) |
|---|
| 説明 | The vulnerability discovered in the Users.php script of the PHP-LMS (Learning Management System) application allows an attacker to exploit Insecure Direct Object References (IDOR) to unauthorizedly access and manipulate profile pictures of users, including administrators. By manipulating the id parameter in the HTTP request sent to the save_users function, an attacker can bypass access controls and modify the profile picture of any user by specifying their ID. This vulnerability poses a significant risk to the confidentiality and integrity of user data, potentially leading to reputational damage, unauthorized access, and further exploitation of the system.
|
|---|
| ソース | ⚠️ https://github.com/Sospiro014/zday1/blob/main/Laboratory_Management_System.md |
|---|
| ユーザー | SoSPiro (UID 67134) |
|---|
| 送信 | 2024年04月01日 12:10 (2 年 ago) |
|---|
| モデレーション | 2024年04月01日 19:42 (8 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 258914 [SourceCodester Computer Laboratory Management System 1.0 Users.php?f=save save_users 識別子 特権昇格] |
|---|
| ポイント | 20 |
|---|