| Título | Bdtask Pharmacy Management System v9.4 Insecure Direct Object Reference (IDOR) |
|---|
| Descrição | The application uses a predictable, sequential user ID in the URL to fetch and display user profile data. However, it fails to perform a server-side authorization check to verify if the currently authenticated user has the necessary permissions to view or edit the profile associated with the requested ID. This allows any authenticated user to access the profiles of other users simply by manipulating the ID in the URL.
|
|---|
| Fonte | ⚠️ https://github.com/4m3rr0r/PoCVulDb/blob/main/README15.md |
|---|
| Utilizador | 4m3rr0r (UID 85795) |
|---|
| Submissão | 14/10/2025 17h07 (há 7 meses) |
|---|
| Moderação | 26/10/2025 17h30 (12 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 329956 [Bdtask Pharmacy Management System até 9.4 User Profile /user/edit_user/ Elevação de Privilégios] |
|---|
| Pontos | 19 |
|---|