| Название | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Broken Access Control |
|---|
| Описание | An Insecure Direct Object Reference (IDOR) vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper authorization validation on user-controlled object references. The application fails to verify whether an authenticated user is authorized to access or manipulate specific resources referenced through user-supplied identifiers.
During security testing, it was observed that an authenticated low-privileged user could modify object identifiers within application requests and gain unauthorized access to resources belonging to other users or privileged functionality. By manipulating predictable identifiers, an attacker can directly access sensitive application objects without proper access restrictions.
Successful exploitation of this vulnerability may allow unauthorized access to sensitive information, viewing or modification of application resources, unauthorized interaction with privileged functionality, and compromise of data confidentiality and integrity. Depending on the affected endpoint, an attacker may access records or functionality that should only be available to authorized users. |
|---|
| Источник | ⚠️ https://medium.com/@hemantrajbhati5555/insecure-direct-object-reference-idor-in-user-management-allows-unauthorized-access-and-61fdeb9773a1 |
|---|
| Пользователь | Hemant Raj Bhati (UID 95613) |
|---|
| Представление | 18.05.2026 17:40 (23 дни назад) |
|---|
| Модерация | 05.06.2026 10:17 (18 days later) |
|---|
| Статус | Дубликат |
|---|
| Запись VulDB | 368366 [SourceCodester Ship Ferry Ticket Reservation System 1.0 /admin/ page эскалация привилегий] |
|---|
| Баллы | 0 |
|---|