| Field | Value |
|---|---|
| Title | SourceCodester Leave Application System in PHP and SQLite3 1.0 Improper Authorization |
| Description | The Leave Application System in PHP and SQLite3 contains an Insecure Direct Object Reference (IDOR) in its user management functionality. The application lets an authenticated user view and modify other user accounts by manipulating the `id` parameter in the URL. Example vulnerable endpoint: `?page=manage_user&id=1`. By changing the `id` value, an attacker reaches other users' accounts: `?page=manage_user&id=2`, `?page=manage_user&id=3`. The application loads a user profile based solely on the supplied ID without checking that the requesting user is authorized to manage that account. This may allow an attacker to read sensitive user information, modify other users' accounts, and potentially escalate privileges. |
| Source | https://medium.com/@hemantrajbhati5555/insecure-direct-object-reference-idor-in-leave-application-system-php-sqlite3-66af35b8b6ea |
| User | Hemant Raj Bhati (UID 95613) |
| Submitted | 2026-03-16 12:33 PM (20 days ago) |
| Moderation | 2026-04-01 03:18 PM (16 days later) |
| Status | Accepted |
| VulDB Entry | 354657 [SourceCodester Leave Application System 1.0 User Information index.php?page=manage_user id privilege escalation] |
| Points | 20 |
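The description above says the page loads whichever user the `id` parameter names, with no check that the logged-in user is allowed to manage that account. The following is an added example (not code from the Leave Application System or from the submitter) that models the flaw and the fix in Python with SQLite: `manage_user_vulnerable` reproduces the reported behaviour, and `manage_user_hardened` adds the missing object-level authorization decision, taken from the server-side session rather than the client-supplied `id`. The `users` table, its column names, the `employee`/`admin` role values, the session dictionary, and the `id_from_query` helper are all assumptions made for this example; the real application's schema and session handling are not given on the page.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample data standing in for the application's user table.
# The real schema, column names and role values are not given on the page;
# everything below is an assumption made for this example.
SAMPLE_USERS = [
    (1, "admin", "admin", "admin@example.test"),
    (2, "alice", "employee", "alice@example.test"),
    (3, "bob", "employee", "bob@example.test"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database seeded with the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def id_from_query(query_string: str) -> int:
    """Extract the id parameter from a query string such as '?page=manage_user&id=2'.
    Only a non-negative integer is accepted; anything else is rejected before
    it reaches the database."""
    params = parse_qs(query_string.lstrip("?"))
    raw = params.get("id", [""])[0]
    if not raw.isdigit():
        raise ValueError(f"invalid id parameter: {raw!r}")
    return int(raw)


def require_login(session: dict) -> None:
    """Authentication only: is anyone logged in at all?"""
    if "user_id" not in session:
        raise PermissionError("login required")


def load_user(conn: sqlite3.Connection, user_id: int) -> tuple:
    """Raw lookup by primary key (parameterised, so no SQL injection here)."""
    row = conn.execute(
        "SELECT id, username, role, email FROM users WHERE id = ?", (user_id,)
    ).fetchone()
    if row is None:
        raise LookupError(f"no such user: {user_id}")
    return row


def manage_user_vulnerable(conn: sqlite3.Connection, session: dict, user_id: int) -> tuple:
    """Reproduces the reported behaviour: the caller must be logged in, but the
    row is chosen purely by the id parameter, so any authenticated user can
    read (and, in the real application, edit) any other account."""
    require_login(session)
    return load_user(conn, user_id)


def can_manage(session: dict, user_id: int) -> bool:
    """Object-level authorization: an admin may manage any account; everyone
    else may only manage the account they are logged in as."""
    return session.get("role") == "admin" or session.get("user_id") == user_id


def manage_user_hardened(conn: sqlite3.Connection, session: dict, user_id: int) -> tuple:
    """Same lookup, but the decision is made from the server-side session,
    never from the client-supplied id alone."""
    require_login(session)
    if not can_manage(session, user_id):
        raise PermissionError(f"user {session['user_id']} may not manage user {user_id}")
    return load_user(conn, user_id)


def update_email_hardened(conn: sqlite3.Connection, session: dict,
                          user_id: int, new_email: str) -> int:
    """The write path needs the identical check; returns rows changed."""
    require_login(session)
    if not can_manage(session, user_id):
        raise PermissionError(f"user {session['user_id']} may not modify user {user_id}")
    cur = conn.execute("UPDATE users SET email = ? WHERE id = ?", (new_email, user_id))
    conn.commit()
    return cur.rowcount


def is_denied(fn, *args) -> bool:
    """True if the call is refused by the authentication/authorization checks."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    alice = {"user_id": 2, "role": "employee"}  # assumed session for a normal user
    for q in ("?page=manage_user&id=1", "?page=manage_user&id=3"):
        uid = id_from_query(q)
        print(q, "| vulnerable returns:", manage_user_vulnerable(db, alice, uid)[1],
              "| hardened denied:", is_denied(manage_user_hardened, db, alice, uid))
```

The check belongs on every code path that takes the `id` (view, edit, delete), not just the profile page; in `manage_user_hardened` and `update_email_hardened` it is the same `can_manage` call so the rule cannot drift between read and write.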