| Title | Tutorials-website Employee Management System(EMS) 1.0 Insecure Direct Object Reference (IDOR) |
|---|
| Description | Title of the Vulnerability:
Tutorials-website | Employee Management System(EMS Version-1.0) | delete-user.php | IDOR
Vulnerability Class: Insecure Direct Object Reference (IDOR)
Product Name: Employee Management System(EMS Version-1.0)
Vendor: https://github.com/tutorials-website
Vulnerable Product Link: https://github.com/tutorials-website/EMS-MINI-PROJECT
Technical Details & Description: The application source code is coded in a way which allows : Insecure Direct Object Reference.
It can lead into:
- Unauthorized Data Access
- Data Manipulation
- Account Takeover
- Privilege Escalation
- Denial of Service (DoS)
- Reputation Damage
- Regulatory Consequences
Product & Service Introduction:
Employee Management System(EMS Version-1.0)
Observation & Exploitation:
Here,The Vulnerable File Is: delete-user.php/
Who will be affected of this IDOR attack?
->The Administrator and Other Users! Because they will not be able to access their account and see their tasks and their employee verification informations and even their leave verification datas as their account will be deleted without the interaction of Administrators but by the unauthorized hackers! |
|---|
| Source | ⚠️ https://www.websecurityinsights.my.id/2025/03/tutorials-website-employee-management.html |
|---|
| User | MaloyRoyOrko (UID 79572) |
|---|
| Submission | 03/29/2025 04:39 (1 Year ago) |
|---|
| Moderation | 04/12/2025 14:08 (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 304574 [Tutorials-Website Employee Management System 1.0 /admin/delete-user.php ID improper authorization] |
|---|
| Points | 20 |
|---|