| 제목 | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Broken Access Control |
|---|
| 설명 | An Insecure Direct Object Reference (IDOR) vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper authorization validation on user-controlled object references. The application fails to verify whether an authenticated user is authorized to access or manipulate specific resources referenced through user-supplied identifiers.
During security testing, it was observed that an authenticated low-privileged user could modify object identifiers within application requests and gain unauthorized access to resources belonging to other users or privileged functionality. By manipulating predictable identifiers, an attacker can directly access sensitive application objects without proper access restrictions.
Successful exploitation of this vulnerability may allow unauthorized access to sensitive information, viewing or modification of application resources, unauthorized interaction with privileged functionality, and compromise of data confidentiality and integrity. Depending on the affected endpoint, an attacker may access records or functionality that should only be available to authorized users. |
|---|
| 원천 | ⚠️ https://medium.com/@hemantrajbhati5555/insecure-direct-object-reference-idor-in-user-management-allows-unauthorized-access-and-61fdeb9773a1 |
|---|
| 사용자 | Hemant Raj Bhati (UID 95613) |
|---|
| 제출 | 2026. 05. 18. PM 05:40 (24 날 ago) |
|---|
| 모더레이션 | 2026. 06. 05. AM 10:17 (18 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 368366 [SourceCodester Ship Ferry Ticket Reservation System 1.0 /admin/ page 권한 상승] |
|---|
| 포인트들 | 0 |
|---|