| 제목 | Evershop <= v2.0.1 Insecure Direct Object Reference |
|---|
| 설명 | A critical authorization vulnerability has been identified in EverShop's GraphQL API that allows any unauthenticated user to access complete order information, including customer personally identifiable information (PII), shipping addresses, billing details, and purchase history. This is a textbook Insecure Direct Object Reference (IDOR) vulnerability where the application fails to verify whether the requesting user has permission to access the requested order data. |
|---|
| 원천 | ⚠️ https://github.com/ictrun/Evershop-Order-leak/blob/main/README.md |
|---|
| 사용자 | ictrun (UID 83482) |
|---|
| 제출 | 2025. 10. 23. AM 01:17 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 11. 09. AM 07:29 (17 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 331639 [EverShop 까지 2.0.1 Order Order.resolvers.js uuid 권한 상승] |
|---|
| 포인트들 | 20 |
|---|