| タイトル | SourceCodester Leave Application System in PHP and SQLite3 1.0 Improper Authorization |
|---|
| 説明 | The Leave Application System in PHP and SQLite3 is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the user management functionality.
The application allows authenticated users to access and modify other user accounts by manipulating the id parameter in the URL.
Example vulnerable endpoint:
?page=manage_user&id=1
By changing the id parameter value, attackers can access other users' accounts:
?page=manage_user&id=2
?page=manage_user&id=3
The application loads different user profiles based solely on the ID value without performing proper authorization checks.
This vulnerability may allow attackers to access sensitive user information, modify other user accounts, and potentially escalate privileges. |
|---|
| ソース | ⚠️ https://medium.com/@hemantrajbhati5555/insecure-direct-object-reference-idor-in-leave-application-system-php-sqlite3-66af35b8b6ea |
|---|
| ユーザー | Hemant Raj Bhati (UID 95613) |
|---|
| 送信 | 2026年03月16日 12:33 (21 日 ago) |
|---|
| モデレーション | 2026年04月01日 15:18 (16 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 354657 [SourceCodester Leave Application System 1.0 User Information index.php?page=manage_user 識別子 特権昇格] |
|---|
| ポイント | 20 |
|---|