Vulnerability-Lookup

CNVD-2021-95930

Vulnerability from cnvd - Published: 2021-12-10

Title

Sourcecodester Phone Shop Sales Management System存在未明漏洞

Description

SourceCodester Phone Shop Sales Managements System是美国SourceCodester公司的一个PHP项目，用于管理电话商店的销售交易。 Sourcecodester Phone Shop Sales Managements System存在安全漏洞，该漏洞源于Sourcecodester Phone Shop Sales Managements System容易受到不安全直接对象引用 (IDOR) 的攻击。目前没有详细漏洞细节提供。

Severity

中

Patch Name

Sourcecodester Phone Shop Sales Management System存在未明漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.exploit-db.com/exploits/50050

Reference

https://www.exploit-db.com/exploits/50050

Impacted products

Name
SourceCodester Sourcecodester Phone Shop Sales Management System v1.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-35337",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-35337"
    }
  },
  "description": "SourceCodester Phone Shop Sales Managements System\u662f\u7f8e\u56fdSourceCodester\u516c\u53f8\u7684\u4e00\u4e2aPHP\u9879\u76ee\uff0c\u7528\u4e8e\u7ba1\u7406\u7535\u8bdd\u5546\u5e97\u7684\u9500\u552e\u4ea4\u6613\u3002\n\nSourcecodester Phone Shop Sales Managements System\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSourcecodester Phone Shop Sales Managements System\u5bb9\u6613\u53d7\u5230\u4e0d\u5b89\u5168\u76f4\u63a5\u5bf9\u8c61\u5f15\u7528 (IDOR) \u7684\u653b\u51fb\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.exploit-db.com/exploits/50050",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-95930",
  "openTime": "2021-12-10",
  "patchDescription": "SourceCodester Phone Shop Sales Managements System\u662f\u7f8e\u56fdSourceCodester\u516c\u53f8\u7684\u4e00\u4e2aPHP\u9879\u76ee\uff0c\u7528\u4e8e\u7ba1\u7406\u7535\u8bdd\u5546\u5e97\u7684\u9500\u552e\u4ea4\u6613\u3002\r\n\r\nSourcecodester Phone Shop Sales Managements System\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eSourcecodester Phone Shop Sales Managements System\u5bb9\u6613\u53d7\u5230\u4e0d\u5b89\u5168\u76f4\u63a5\u5bf9\u8c61\u5f15\u7528 (IDOR) \u7684\u653b\u51fb\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Sourcecodester Phone Shop Sales Management System\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SourceCodester Sourcecodester Phone Shop Sales Management System v1.0"
  },
  "referenceLink": "https://www.exploit-db.com/exploits/50050",
  "serverity": "\u4e2d",
  "submitTime": "2021-07-05",
  "title": "Sourcecodester Phone Shop Sales Management System\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2021-35337 (GCVE-0-2021-35337)

Vulnerability from cvelistv5 – Published: 2021-07-01 13:15 – Updated: 2024-08-04 00:33

Summary

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://www.exploit-db.com/exploits/50050

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:33:51.342Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/50050"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-01T13:15:26.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/50050"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-35337",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.exploit-db.com/exploits/50050",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/50050"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-35337",
    "datePublished": "2021-07-01T13:15:26.000Z",
    "dateReserved": "2021-06-23T00:00:00.000Z",
    "dateUpdated": "2024-08-04T00:33:51.342Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-95930

CVE-2021-35337 (GCVE-0-2021-35337)

Tags

Sightings

Nomenclature