Insecure Direct Object Reference (IDOR) vulnerability in Sourcecodester Phone Shop Sales Management System 1.0

CVE-2021-35337 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.

Learn more about our User Device Pen Test.