Submit #287398: SourceCodester Employee Management System 1.0 IDORinfo

TitleSourceCodester Employee Management System 1.0 IDOR
DescriptionA critical Insecure Direct Object Reference (IDOR) vulnerability exists in the SourceCodester Employee Management System's myprofile.php script. By manipulating the id parameter in the URL, attackers can access other employees' profiles without proper authorization, potentially exposing sensitive information. This flaw could lead to unauthorized disclosure of personal details or salary data, posing a significant privacy risk and potential compliance violations. Remediation involves implementing robust access controls and encryption measures to restrict access to authorized users and protect sensitive information from unauthorized disclosure.
Source⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/IDOR%20Employee%20Profile.md
User
 nochizplz (UID 64302)
Submission02/24/2024 12:07 (2 years ago)
Moderation02/25/2024 19:30 (1 day later)
StatusAccepted
VulDB entry254726 [SourceCodester Employee Management System 1.0 /myprofile.php ID sql injection]
Points20

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!

n $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } } ?>