| Название | Tutorials-website Employee Management System(EMS Version-1.0) 1.0 Insecure Direct Object Reference (IDOR) |
|---|
| Описание | Title of the Vulnerability:
Tutorials-website | Employee Management System(EMS Version-1.0) | IDOR | Admin or Account Takeover via /admin/update-user.php
Vulnerability Class: Insecure Direct Object Reference (IDOR)
Product Name: Employee Management System(EMS Version-1.0)
Vendor: https://github.com/tutorials-website
Vulnerable Product Link: https://github.com/tutorials-website/EMS-MINI-PROJECT
Technical Details & Description:
The application source code is coded in a way which allows : Insecure Direct Object Reference.
Product & Service Introduction:
Employee Management System(EMS Version-1.0)
Observation & Exploitation:
Here,The Vulnerable File Is: /admin/update-user.php
Who will be affected of this IDOR attack?
->The Company! Because Hackers will be able to access and modify admin and employee accounts and see even modify their tasks and their employee verification informations and even their leave verification datas as the hackers can update their account as admin privilege without the interaction of Administrators but by the unauthorized practices |
|---|
| Источник | ⚠️ https://www.websecurityinsights.my.id/2025/03/tutorials-website-employee-management_28.html |
|---|
| Пользователь | MaloyRoyOrko (UID 79572) |
|---|
| Представление | 29.03.2025 05:21 (1 Год назад) |
|---|
| Модерация | 12.04.2025 14:08 (14 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 304575 [Tutorials-Website Employee Management System 1.0 /admin/update-user.php ИД эскалация привилегий] |
|---|
| Баллы | 20 |
|---|