| 제목 | SourceCodester Employee Management System 1.0 IDOR |
|---|
| 설명 | A critical Insecure Direct Object Reference (IDOR) vulnerability exists in the SourceCodester Employee Management System's myprofile.php script. By manipulating the id parameter in the URL, attackers can access other employees' profiles without proper authorization, potentially exposing sensitive information. This flaw could lead to unauthorized disclosure of personal details or salary data, posing a significant privacy risk and potential compliance violations. Remediation involves implementing robust access controls and encryption measures to restrict access to authorized users and protect sensitive information from unauthorized disclosure. |
|---|
| 원천 | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/IDOR%20Employee%20Profile.md |
|---|
| 사용자 | nochizplz (UID 64302) |
|---|
| 제출 | 2024. 02. 24. PM 12:07 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 02. 25. PM 07:30 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 254726 [SourceCodester Employee Management System 1.0 /myprofile.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|