Submit #509856: Control iD RH iD v25.2.25. IDOR - Insecure Direct Object Reference

Title: Control iD RH iD v25.2.25. IDOR - Insecure Direct Object Reference

Description: Control iD RH iD v25.2.25.0 IDOR Vulnerability

Vulnerability Overview:
An Insecure Direct Object Reference (IDOR) vulnerability has been discovered in the endpoint /v2/report.svc/comprovante_marcacao/?companyId=1&nsr=8511 of the Control iD RH iD v25.2.25.0 application. This vulnerability allows unauthorized access to sensitive PDF documents of employees by modifying the nsr parameter.

Details:
By altering the nsr parameter in the URL, which is used to download PDF files containing sensitive employee information, it is possible to access the documents of other employees within the company. This results in unauthorized access to personal and sensitive data, exposing confidential information such as work schedules, attendance records, and more. For example, by changing the nsr value from 8511 to any other valid ID, an attacker could potentially access a PDF report of a different employee, revealing sensitive details.

Steps to Reproduce:
1. Access the endpoint: /v2/report.svc/comprovante_marcacao/?companyId=1&nsr=8511
2. Modify the nsr parameter to another value (e.g., nsr=8512, nsr=8513).
3. Observe that different PDF files are returned, corresponding to different employees, potentially revealing sensitive information.

Impact:
This vulnerability allows unauthorized users to access and download sensitive PDF documents related to employees of the company. The exposed information may include private data such as attendance, work hours, and other personal details.

Reference: https://www.controlid.com.br/
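The root cause described above is a report handler that resolves the nsr value without checking that the receipt belongs to the caller. The following added example (not code from the submission or from the vendor's product) contrasts that pattern with an object-level authorization check keyed on the same companyId and nsr parameters; the record layout, the "employee"/"hr" role model and all sample data are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Receipt:
    nsr: int            # sequential receipt number, so trivially enumerable
    company_id: int
    employee_id: int
    pdf: bytes

@dataclass(frozen=True)
class Session:
    employee_id: int
    company_id: int
    role: str           # "employee" or "hr" (assumed role model)

# Constructed sample data, not real records: two employees of company 1,
# one employee of company 2.
RECEIPTS = {
    8511: Receipt(8511, 1, 101, b"%PDF-1.4 receipt-101"),
    8512: Receipt(8512, 1, 102, b"%PDF-1.4 receipt-102"),
    8513: Receipt(8513, 2, 201, b"%PDF-1.4 receipt-201"),
}

class Forbidden(Exception):
    pass

def fetch_receipt_vulnerable(session: Session, company_id: int, nsr: int) -> bytes:
    """Pattern the report describes: the caller is authenticated, but the
    nsr is looked up and served without checking whose receipt it is."""
    return RECEIPTS[nsr].pdf

def check_access(session: Session, company_id: int, nsr: int) -> bool:
    """True only if the receipt exists, belongs to the caller's own company
    (which must also match the companyId in the URL), and the caller is
    either the receipt's subject or HR of that company."""
    receipt = RECEIPTS.get(nsr)
    if receipt is None:
        return False
    if receipt.company_id != session.company_id or receipt.company_id != company_id:
        return False
    return session.role == "hr" or receipt.employee_id == session.employee_id

def fetch_receipt_fixed(session: Session, company_id: int, nsr: int) -> bytes:
    """Hardened handler: missing and foreign receipts get the same response,
    so the error cannot be used to learn which nsr values exist elsewhere."""
    if not check_access(session, company_id, nsr):
        raise Forbidden("receipt not available")
    return RECEIPTS[nsr].pdf
```

In a real deployment the denied branch is also the place to emit an audit event, since a burst of Forbidden responses across sequential nsr values from one session is the detection signal for this class of enumeration.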
Source: https://github.com/yago3008/cves
User: y4g0 (UID 80480)
Submission: 02/26/2025 21:50 (1 Year ago)
Moderation: 03/08/2025 15:47 (10 days later)
Status: Accepted
VulDB entry: 299038 [Control iD RH iD 25.2.25.0 PDF Document ?companyId=1 nsr resource injection]
Points: 20
