Отправить #299786: SOURCECODESTER Employee Task Management System 1.0 IDORИнформация

НазваниеSOURCECODESTER Employee Task Management System 1.0 IDOR
ОписаниеThe Employee Task Management System is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability within its `/update-employee.php` component. This flaw permits unauthorized users to alter any employee's password by exploiting the `admin_id` parameter in POST requests. This issue highlights the urgent necessity for implementing robust authentication and authorization checks to restrict sensitive operations to authenticated and authorized users only, ensuring that users cannot perform actions beyond their permissions.
Источник⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-employee.php.md
Пользователь
 nochizplz (UID 64302)
Представление16.03.2024 18:09 (2 лет назад)
Модерация17.03.2024 09:26 (15 hours later)
Статуспринято
Запись VulDB257080 [SourceCodester Employee Task Management System 1.0 /update-employee.php admin_id эскалация привилегий]
Баллы20

ПредыдущийОбзорДалее

Do you know our Splunk app?

Download it now for free!