| Field | Value |
|---|---|
| Title | Evershop <= v2.0.1 Insecure Direct Object Reference |
| Description | A critical authorization vulnerability has been identified in EverShop's GraphQL API that allows any unauthenticated user to access complete order information, including customer personally identifiable information (PII), shipping addresses, billing details, and purchase history. This is a textbook Insecure Direct Object Reference (IDOR) vulnerability: the application fails to verify whether the requesting user has permission to access the requested order data. |
| Source | https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md |
| User | ictrun (UID 83482) |
| Submitted | 2025-10-23 01:17 (6 months ago) |
| Moderation | 2025-11-09 07:29 (17 days later) |
| Status | Accepted |
| VulDB entry | 331639 [EverShop up to 2.0.1 Order Order.resolvers.js uuid privilege escalation] |
| Points | 20 |