Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
teklifolustur_app's IDOR vulnerability allows unauthorized access to other users' offers
Vulnerability Description
teklifolustur_app is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference (IDOR) vulnerability exists in the offer view functionality. Authenticated users can manipulate the offer_id parameter to access offers belonging to other users. The issue is caused by missing authorization checks ensuring that the requested offer belonged to the currently authenticated user. Commit dd082a134a225b8dcd401b6224eead4fb183ea1c contains a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Teklif Yönetim Sistemi 安全漏洞
Vulnerability Description
Teklif Yönetim Sistemi是sibercii6-crypto个人开发者的一个管理跟踪客户报价的软件。 Teklif Yönetim Sistemi存在安全漏洞,该漏洞源于报价查看功能中缺少授权检查,可能导致经过身份验证的用户访问其他用户的报价。
CVSS Information
N/A
Vulnerability Type
N/A