Submit #458895: Dromara UJCMS 9.6.3 Insecure Direct Object Reference (IDOR)

Title: Dromara UJCMS 9.6.3 Insecure Direct Object Reference (IDOR)
Description: An Insecure Direct Object Reference (IDOR) vulnerability was discovered in UJCMS version 9.6.3 that allows unauthenticated enumeration of usernames by manipulating the user id parameter in the /users/id endpoint. Although user IDs are generally large numbers (e.g., 69278363520885761), with the exception of the admin and anonymous accounts, unauthenticated attackers can still systematically discover the usernames of existing accounts.
Source: https://github.com/cydtseng/Vulnerability-Research/blob/main/ujcms/IDOR-UsernameEnumeration.md
User: vastzero (UID 78767)
Submission: 12/08/2024 13:33 (2 years ago)
Moderation: 12/11/2024 13:37 (3 days later)
Status: Accepted
VulDB entry: 287865 [Dromara UJCMS up to 9.6.3 User ID /users/id authorization]
Points: 20
