| 제목 | sourcecodester Computer Laboratory Management System 1.0 Insecure direct object references(IDOR) |
|---|
| 설명 | The vulnerability discovered in the Users.php script of the PHP-LMS (Learning Management System) application allows an attacker to exploit Insecure Direct Object References (IDOR) to unauthorizedly access and manipulate profile pictures of users, including administrators. By manipulating the id parameter in the HTTP request sent to the save_users function, an attacker can bypass access controls and modify the profile picture of any user by specifying their ID. This vulnerability poses a significant risk to the confidentiality and integrity of user data, potentially leading to reputational damage, unauthorized access, and further exploitation of the system.
|
|---|
| 원천 | ⚠️ https://github.com/Sospiro014/zday1/blob/main/Laboratory_Management_System.md |
|---|
| 사용자 | SoSPiro (UID 67134) |
|---|
| 제출 | 2024. 04. 01. PM 12:10 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 04. 01. PM 07:42 (8 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 258914 [SourceCodester Computer Laboratory Management System 1.0 Users.php?f=save save_users 아이디 권한 상승] |
|---|
| 포인트들 | 20 |
|---|