exploitDog

GHSA-8phv-m7cx-69hj

Опубликовано: 02 сент. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users.

PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users.

Ссылки

EPSS

Процентиль: 8%

0.00029

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-639

Связанные уязвимости

CVE-2025-56254

CVSS3: 4.3

nvd

5 месяцев назад

PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users.

EPSS

Процентиль: 8%

0.00029

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-639