phpList 3.0.10 Insecure Direct Object Reference

2015.04.02
Credit: Provensec
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Affected software: phplist # Type of vulnerability: insecure object reference # URL:phplist.com # Discovered by: Provensec # Website: http://www.provensec.com #version: phpList ltd. - v3.0.10 # Proof of concept insecure object refrenced on page deltetation vuln param:delete example: http://demo.phplist.com/lists/admin/?page=send&delete=2&tk=035d99 ref: https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OTG-AUTHZ-004%29

References:

https://www.owasp.org/index.php/Testing_for_Insecure_Direct_Object_References_%28OTG-AUTHZ-004%29


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top