Phpgurukul · Phpgurukul Employee Leaves Management System · CVE-2025-56254
**Name of the Vulnerable Software and Affected Versions**
PHPGurukul Employee Leave Management System version 2.1
**Description**
The software contains an Insecure Direct Object Reference (IDOR) vulnerability in the `leave-details.php` file. An authenticated user can modify the `leaveid` parameter within the URL to gain unauthorized access to leave application details belonging to other users.
**Recommendations**
Ensure that access to leave application details is restricted on the basis of both authentication and authorization: a valid session alone is not sufficient, and each request must be checked against the records the requesting user is entitled to view. Implement robust input validation and sanitization for the `leaveid` parameter to prevent manipulation.
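The following is an added illustration of the recommendation above, not code from PHPGurukul or from the affected product. It contrasts a lookup keyed on `leaveid` alone (the IDOR pattern the advisory describes) with one scoped to the owner taken from the server-side session. The table name `tblleaves`, the columns `id` and `empid`, the session key `emplogin`, and the database credentials are all assumptions chosen for the example.

```php
<?php
// Added example, not the project's own code. Table/column names, the
// session key and the DSN are assumptions for illustration only.
declare(strict_types=1);

session_start();

function connect(): PDO
{
    // Assumed DSN and credentials; an application would use its own.
    return new PDO('mysql:host=localhost;dbname=elms', 'elms_user', 'change-me', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// IDOR pattern: the query is keyed on leaveid alone, so any logged-in user
// who edits the parameter receives another employee's leave record.
function fetchLeaveUnscoped(PDO $pdo, int $leaveId): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM tblleaves WHERE id = :id');
    $stmt->execute([':id' => $leaveId]);
    return $stmt->fetch() ?: null;
}

// Hardened pattern: the same lookup is additionally constrained to the
// owner, whose identity comes from the session and never from the request.
function fetchLeaveForEmployee(PDO $pdo, int $leaveId, string $empId): ?array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM tblleaves WHERE id = :id AND empid = :empid'
    );
    $stmt->execute([':id' => $leaveId, ':empid' => $empId]);
    return $stmt->fetch() ?: null;
}

// Strict parsing of the leaveid parameter: only a positive integer is accepted.
function parseLeaveId(array $query): ?int
{
    $raw = $query['leaveid'] ?? null;
    $id  = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return ($id === false || $id === null) ? null : $id;
}

// --- request handling for leave-details.php (assumed flow) ---
if (empty($_SESSION['emplogin'])) {
    header('Location: index.php');   // authentication: no session, no access
    exit;
}

$leaveId = parseLeaveId($_GET);
if ($leaveId === null) {
    http_response_code(400);
    exit('Invalid leave id');
}

// authorization: the record must belong to the logged-in employee
$leave = fetchLeaveForEmployee(connect(), $leaveId, (string) $_SESSION['emplogin']);
if ($leave === null) {
    // Identical response whether the record is missing or owned by someone
    // else, so the parameter cannot be used to confirm other users' ids.
    http_response_code(404);
    exit('Leave record not found');
}

// ... render $leave for the owner ...
```

The ownership constraint lives in the query itself rather than in a post-fetch comparison, so there is no code path that loads another user's record and then forgets to check it. If the application also has an administrative view that legitimately needs any record, that path should branch on a role stored in the session and call the scoped or unscoped lookup accordingly, rather than relaxing the check for everyone.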