CVE-2021-35337

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.0280%

EPSS Percentile39.16th

PublishedJul 1, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.

Affected Platforms (CPE)

📦

Phone Shop Sales Management System Project

Phone Shop Sales Management System

= 1.0

References & Advisories

🔗 https://www.exploit-db.com/exploits/50050

Related Vulnerabilities

CVE-2021-366239.8

Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.

CVE-2021-366249.8

Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for a...

CVE-2021-365609.8

Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account t...

CVE-2021-224410.0

Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: JAPI) and Essbase Analytic Provide...