| 제목 | SOURCECODESTER Employee Task Management System 1.0 IDOR |
|---|
| 설명 | The Employee Task Management System is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability within its `/update-employee.php` component. This flaw permits unauthorized users to alter any employee's password by exploiting the `admin_id` parameter in POST requests. This issue highlights the urgent necessity for implementing robust authentication and authorization checks to restrict sensitive operations to authenticated and authorized users only, ensuring that users cannot perform actions beyond their permissions. |
|---|
| 원천 | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-employee.php.md |
|---|
| 사용자 | nochizplz (UID 64302) |
|---|
| 제출 | 2024. 03. 16. PM 06:09 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 03. 17. AM 09:26 (15 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 257080 [SourceCodester Employee Task Management System 1.0 /update-employee.php admin_id 권한 상승] |
|---|
| 포인트들 | 20 |
|---|