Описание
PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpgurukul:employee_leave_management_system:2.1:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00029
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 4.3
github
5 месяцев назад
PHPGurukul Employee Leave Management System 2.1 contains an Insecure Direct Object Reference (IDOR) vulnerability in leave-details.php. An authenticated user can change the leaveid parameter in the URL to access leave application details of other users.
EPSS
Процентиль: 8%
0.00029
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-639