| Title | code-projects Invoice System in Laravel 1.0 Insecure Direct Object Reference (IDOR) |
|---|---|
| Description | The profile workflow uses a user-controlled id in the route and fails to verify that the requested profile belongs to the authenticated user. This allows an attacker to view or modify any user's profile data by simply changing the ID in the URL. |
| Source | https://gist.github.com/higordiego/9b5f076d7f651e45c0f30ae14bab3b4e |
| User | c4ttr4ck (UID 75518) |
| Submission | 09.04.2026 00:17 (19 days ago) |
| Moderation | 26.04.2026 10:49 (17 days later) |
| Status | accepted |
| VulDB Entry | 359667 [code-projects Invoice System in Laravel 1.0 Profile /profile/ ID privilege escalation] |
| Points | 16 |