Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NPhone Shop Sales Management System Project Phone Shop Sales Management System
APPPhone Shop Sales Management System Project1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
IDOR
CWE
Related vulnerabilities
CVE-2021-36560CRITICAL9.8ten sam produkt
Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass whic...
CVE-2021-36623CRITICAL9.8ten sam produkt
Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.
CVE-2021-36624CRITICAL9.8ten sam produkt
Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerabili...