Description
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.
References
- Exploit, Third Party Advisory, VDB Entry
- Exploit, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
cpe:2.3:a:phone_shop_sales_management_system_project:phone_shop_sales_management_system:1.0:*:*:*:*:*:*:*
EPSS
Percentile: 32%
0.00124
Low
4.3 Medium
CVSS3
4 Medium
CVSS2
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 4.3
github
more than 3 years ago
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.