| Título | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Broken Access Control |
|---|
| Descrição | An Insecure Direct Object Reference (IDOR) vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper authorization validation on user-controlled object references. The application fails to verify whether an authenticated user is authorized to access or manipulate specific resources referenced through user-supplied identifiers.
During security testing, it was observed that an authenticated low-privileged user could modify object identifiers within application requests and gain unauthorized access to resources belonging to other users or privileged functionality. By manipulating predictable identifiers, an attacker can directly access sensitive application objects without proper access restrictions.
Successful exploitation of this vulnerability may allow unauthorized access to sensitive information, viewing or modification of application resources, unauthorized interaction with privileged functionality, and compromise of data confidentiality and integrity. Depending on the affected endpoint, an attacker may access records or functionality that should only be available to authorized users. |
|---|
| Fonte | ⚠️ https://medium.com/@hemantrajbhati5555/insecure-direct-object-reference-idor-in-user-management-allows-unauthorized-access-and-61fdeb9773a1 |
|---|
| Utilizador | Hemant Raj Bhati (UID 95613) |
|---|
| Submissão | 18/05/2026 17h40 (há 20 dias) |
|---|
| Moderação | 05/06/2026 10h17 (18 days later) |
|---|
| Estado | Duplicado |
|---|
| Entrada VulDB | 368366 [SourceCodester Ship Ferry Ticket Reservation System 1.0 /admin/ page Elevação de Privilégios] |
|---|
| Pontos | 0 |
|---|