MEDIUM🇬🇧 English

CVE-2021-35337

CVSS 4.3v3.1pub. 2021-07-01upd. 2024-11-21

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • Phone Shop Sales Management System Project Phone Shop Sales Management System

    APP
    Phone Shop Sales Management System Project
    1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
IDOR
CWE
Referencje

Powiązane podatności

CVE-2021-36560CRITICAL9.8ten sam produkt

Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass whic...

CVE-2021-36623CRITICAL9.8ten sam produkt

Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.

CVE-2021-36624CRITICAL9.8ten sam produkt

Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerabili...

CVE-2021-35337 — MEDIUM 4.3 | CVEbaza.pl