Submit #299785: SOURCECODESTER Employee Task Management System 1.0 IDOR
Information

Title: SOURCECODESTER Employee Task Management System 1.0 IDOR
Description: The Employee Task Management System is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in `/update-admin.php`. This issue allows attackers to change the password of any user, including admins, by exploiting the `admin_id` parameter in POST requests. This vulnerability underscores the critical need for strict access controls and validation to ensure that actions such as password updates are performed only by authorized users.
Source: ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-admin.php.md
User: nochizplz (UID 64302)
Submission: 16.03.2024 18:09 (2 years ago)
Moderation: 17.03.2024 09:26 (15 hours later)
Status: accepted
VulDB entry: 257079 [SourceCodester Employee Task Management System 1.0 /update-admin.php admin_id privilege escalation]
Points: 20
