제출 #458895: Dromara UJCMS 9.6.3 Insecure Direct Object Reference (IDOR)정보

제목Dromara UJCMS 9.6.3 Insecure Direct Object Reference (IDOR)
설명An Insecure Direct Object Reference (IDOR) vulnerability was discovered in UJCMS version 9.6.3 that allows unauthenticated enumeration of usernames through the manipulation of the user id parameter in the /users/id endpoint. While the user IDs are generally large numbers (e.g., 69278363520885761), with the exception of the admin and anonymous account, unauthenticated attackers can still systematically discover usernames of existing accounts.
원천⚠️ https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/IDOR-UsernameEnumeration.md
사용자
 vastzero (UID 78767)
제출2024. 12. 08. PM 01:33 (2 연령 ago)
모더레이션2024. 12. 11. PM 01:37 (3 days later)
상태수락
VulDB 항목287865 [Dromara UJCMS 까지 9.6.3 User ID /users/id 권한 상승]
포인트들20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!