| Название | Bdtask Pharmacy Management System v9.4 Insecure Direct Object Reference (IDOR) |
|---|
| Описание | The application uses a predictable, sequential user ID in the URL to fetch and display user profile data. However, it fails to perform a server-side authorization check to verify if the currently authenticated user has the necessary permissions to view or edit the profile associated with the requested ID. This allows any authenticated user to access the profiles of other users simply by manipulating the ID in the URL.
|
|---|
| Источник | ⚠️ https://github.com/4m3rr0r/PoCVulDb/blob/main/README15.md |
|---|
| Пользователь | 4m3rr0r (UID 85795) |
|---|
| Представление | 14.10.2025 17:07 (7 месяцы назад) |
|---|
| Модерация | 26.10.2025 17:30 (12 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 329956 [Bdtask Pharmacy Management System до 9.4 User Profile /user/edit_user/ эскалация привилегий] |
|---|
| Баллы | 19 |
|---|