Vulnerability Details : CVE-2021-35337
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker can view other users' invoices by changing the id parameter.
Products affected by CVE-2021-35337
- cpe:2.3:a:phone_shop_sales_management_system_project:phone_shop_sales_management_system:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-35337
- EPSS score: 0.40% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~74% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2021-35337
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST | |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2021-35337
- The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. (Assigned by: nvd@nist.gov, Primary)
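The weakness described above in code, as an added illustration that is not from the affected product: a PHP invoice lookup keyed only on the client-supplied id beside one scoped to the authenticated user's id from the server-side session. The table, column and function names, and the seeded rows, are assumptions made for this example.

```php
<?php
// Added illustration of the CWE pattern behind this CVE; not code from the
// affected product. Table, column and function names are hypothetical.
declare(strict_types=1);

// Vulnerable lookup: the row is selected by the client-supplied id alone, so
// any logged-in user can read any invoice by changing the id parameter.
function fetchInvoiceUnsafe(PDO $db, int $invoiceId): ?array
{
    $stmt = $db->prepare('SELECT id, user_id, total FROM invoices WHERE id = :id');
    $stmt->execute([':id' => $invoiceId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hardened lookup: the query is scoped to the authenticated user's id taken
// from the server-side session, never from request input, so an invoice that
// belongs to another user yields no row at all.
function fetchInvoiceForUser(PDO $db, int $invoiceId, int $currentUserId): ?array
{
    $stmt = $db->prepare(
        'SELECT id, user_id, total FROM invoices WHERE id = :id AND user_id = :uid'
    );
    $stmt->execute([':id' => $invoiceId, ':uid' => $currentUserId]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Constructed in-memory data so the script runs stand-alone.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, total REAL NOT NULL)');
$db->exec('INSERT INTO invoices VALUES (1, 100, 250.00), (2, 200, 99.50)');

$currentUserId = 100;  // stands in for $_SESSION['user_id'] set at login
$requestedId   = 2;    // stands in for a validated ?id= parameter; this invoice belongs to user 200

// Unscoped query: resolves the row regardless of who owns it.
var_dump(fetchInvoiceUnsafe($db, $requestedId));
// Scoped query: only the caller's own invoices can resolve.
var_dump(fetchInvoiceForUser($db, $requestedId, $currentUserId));

// In a request handler, a null result should map to the same 404 whether the
// invoice does not exist or belongs to someone else, so the response does not
// reveal which ids are valid.
```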
References for CVE-2021-35337
- https://www.exploit-db.com/exploits/50050 : Phone Shop Sales Managements System 1.0 - Insecure Direct Object Reference (IDOR) - PHP webapps Exploit (Exploit; Third Party Advisory; VDB Entry)