提出 #458895: Dromara UJCMS 9.6.3 Insecure Direct Object Reference (IDOR)情報

タイトルDromara UJCMS 9.6.3 Insecure Direct Object Reference (IDOR)
説明An Insecure Direct Object Reference (IDOR) vulnerability was discovered in UJCMS version 9.6.3 that allows unauthenticated enumeration of usernames through the manipulation of the user id parameter in the /users/id endpoint. While the user IDs are generally large numbers (e.g., 69278363520885761), with the exception of the admin and anonymous account, unauthenticated attackers can still systematically discover usernames of existing accounts.
ソース⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/IDOR-UsernameEnumeration.md
ユーザー
 vastzero (UID 78767)
送信2024年12月08日 13:33 (2 年 ago)
モデレーション2024年12月11日 13:37 (3 days later)
ステータス承諾済み
VulDBエントリ287865 [Dromara UJCMS 迄 9.6.3 User ID /users/id 特権昇格]
ポイント20

Want to know what is going to be exploited?

We predict KEV entries!