CVE-2021-35337

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.0280%

EPSS Percentile39.16th

Published2021年7月1日

Last Modified2024年11月21日

Vulnerability Description

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.

Affected Platforms (CPE)

📦

Phone Shop Sales Management System Project

Phone Shop Sales Management System

= 1.0

References & Advisories

🔗 https://www.exploit-db.com/exploits/50050

関連する脆弱性情報

CVE-2021-366239.8

Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.

CVE-2021-366249.8

Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for a...

CVE-2021-365609.8

Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account t...

CVE-2021-4422810.0

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration...