| Title | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Broken Access Control |
|---|
| Description | An Insecure Direct Object Reference (IDOR) vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper authorization validation on user-controlled object references. The application fails to verify whether an authenticated user is authorized to access or manipulate specific resources referenced through user-supplied identifiers.
During security testing, it was observed that an authenticated low-privileged user could modify object identifiers within application requests and gain unauthorized access to resources belonging to other users or privileged functionality. By manipulating predictable identifiers, an attacker can directly access sensitive application objects without proper access restrictions.
Successful exploitation of this vulnerability may allow unauthorized access to sensitive information, viewing or modification of application resources, unauthorized interaction with privileged functionality, and compromise of data confidentiality and integrity. Depending on the affected endpoint, an attacker may access records or functionality that should only be available to authorized users. |
|---|
| Source | ⚠️ https://medium.com/@hemantrajbhati5555/insecure-direct-object-reference-idor-in-user-management-allows-unauthorized-access-and-61fdeb9773a1 |
|---|
| User | Hemant Raj Bhati (UID 95613) |
|---|
| Submission | 05/18/2026 17:40 (23 days ago) |
|---|
| Moderation | 06/05/2026 10:17 (18 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 368366 [SourceCodester Ship Ferry Ticket Reservation System 1.0 /admin/ page improper authorization] |
|---|
| Points | 0 |
|---|