PT-2024-34512 · Phpgurukul · Phpgurukul Beauty Parlour Management System
Abhijith Narayanan · Published 2024-10-31 · Updated 2024-11-01 · CVE-2024-51066
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Phpgurukul's Beauty Parlour Management System version 1.1
Description:
The appointment-detail.php file contains an Insecure Direct Object Reference (IDOR) vulnerability that allows unauthorized access to the Personally Identifiable Information (PII) of other customers.
Recommendations:
For Phpgurukul's Beauty Parlour Management System version 1.1, consider restricting access to the appointment-detail.php file until a patch is available. As a temporary workaround, limit the exposure of customer PII by implementing additional access controls or authentication measures for the affected file.
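One way to implement the additional access control recommended above is to tie every appointment lookup to the authenticated customer. The sketch below is an added example, not code from Phpgurukul or from this advisory. The table, the column names, the request identifier and the notion of a session user id are all assumptions, and it presumes each appointment row records the account that owns it.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and names: the advisory does not show the application's
// tables, columns, request parameter or session keys, so all are assumed here.
function fetchOwnedAppointment(PDO $db, int $sessionUserId, mixed $rawId): ?array
{
    // Accept only a positive integer identifier before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Object-level authorization: the owner is part of the WHERE clause, so a
    // valid id that belongs to another customer matches no row.
    $stmt = $db->prepare(
        'SELECT id, customer_name, phone, service, appt_date
           FROM appointments
          WHERE id = :id AND user_id = :uid'
    );
    $stmt->execute([':id' => $id, ':uid' => $sessionUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE appointments (id INTEGER PRIMARY KEY, user_id INTEGER,
           customer_name TEXT, phone TEXT, service TEXT, appt_date TEXT)');
$db->exec("INSERT INTO appointments VALUES
           (1, 10, 'Customer A', '555-0100', 'Haircut', '2024-11-05'),
           (2, 20, 'Customer B', '555-0101', 'Facial',  '2024-11-06')");

// Simulated requests: customer 10 is logged in; the id would come from the request.
$cases = [
    ['1', 'own record'],
    ['2', "another customer's record"],
    ['abc', 'malformed id'],
];
foreach ($cases as [$rawId, $label]) {
    $row = fetchOwnedAppointment($db, 10, $rawId);
    // Same response for "not found" and "not yours", so ids cannot be enumerated.
    $status = $row === null ? 404 : 200;
    printf("%-26s id=%-4s -> HTTP %d\n", $label, $rawId, $status);
}
```

In the real page the session user id must come from server-side session state established at login, never from a request parameter.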
Affected Products:
Phpgurukul Beauty Parlour Management System