Podatność CVE-2022-3774


Publikacja: 2022-10-31

Opis:
A vulnerability was found in SourceCodester Train Scheduler App 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /train_scheduler_app/?action=delete. The manipulation of the argument id leads to improper control of resource identifiers. The attack may be launched remotely. The identifier of this vulnerability is VDB-212504.

Typ:

CWE-99

(Improper Control of Resource Identifiers ('Resource Injection'))

 Referencje:
https://vuldb.com/?id.212504
https://github.com/rohit0x5/poc/blob/main/idor
http://packetstormsecurity.com/files/169604/Train-Scheduler-App-1.0-Insecure-Direct-Object-Reference.html

Copyright 2024, cxsecurity.com

 

Back to Top