| Title | code-projects Invoice System in Laravel 1.0 Insecure Direct Object Reference (IDOR) |
|---|---|
| Description | The profile workflow uses a user-controlled id in the route and fails to verify that the requested profile belongs to the authenticated user. This allows an attacker to view or modify any user's profile data by simply changing the ID in the URL. |
| Source | ⚠️ https://gist.github.com/higordiego/9b5f076d7f651e45c0f30ae14bab3b4e |
| User | c4ttr4ck (UID 75518) |
| Submission | 2026-04-09 00:17 (19 days ago) |
| Moderation | 2026-04-26 10:49 (17 days later) |
| Status | Accepted |
| VulDB entry | 359667 [code-projects Invoice System in Laravel 1.0 Profile /profile/ ID privilege escalation] |
| Points | 16 |