PT-2024-36466 · Unknown · Phpgurukul Online Birth Certificate System

Mohammed Athif · Published 2024-12-17 · Updated 2025-03-27 · CVE-2024-55058

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHPGurukul Online Birth Certificate System version 1.0

Description

An insecure direct object reference (IDOR) vulnerability was discovered in the PHPGurukul Online Birth Certificate System. This issue resides in the viewid parameter of "/user/view-application-detail.php". Authenticated users can exploit this flaw by manipulating the viewid parameter in the URL to access sensitive birth certificate details of other users without proper authorization checks.

Recommendations

To resolve this issue, update PHPGurukul Online Birth Certificate System to a version that includes a fix for this vulnerability. As a temporary workaround, consider restricting access to the "/user/view-application-detail.php" endpoint to minimize the risk of exploitation. Avoid using the viewid parameter in the affected API endpoint until the issue is resolved.
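
One way to implement the authorization check the description says is missing, as an added example that is not PHPGurukul's code or its fix. The table `applications`, the columns `id`, `user_id` and `child_name`, and the function name `fetch_own_application` are assumptions made for illustration; the demo data is constructed.

```php
<?php
// Added example, not the project's code. Table `applications` and columns
// `id`, `user_id`, `child_name` are hypothetical names for illustration.

/**
 * Return the application only if it belongs to the logged-in user.
 * A lookup keyed on the record id alone is what makes an IDOR possible.
 */
function fetch_own_application(PDO $db, int $sessionUserId, $viewId): ?array
{
    // Reject anything that is not a positive integer before touching the DB.
    $id = filter_var($viewId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Ownership is enforced in the query itself, using the server-side
    // session identity, never a value supplied by the client.
    $stmt = $db->prepare(
        'SELECT id, child_name FROM applications WHERE id = :id AND user_id = :uid'
    );
    $stmt->execute([':id' => $id, ':uid' => $sessionUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE applications (id INTEGER PRIMARY KEY, user_id INTEGER, child_name TEXT)');
$db->exec("INSERT INTO applications VALUES (1, 10, 'Constructed A'), (2, 20, 'Constructed B')");

$sessionUserId = 10; // in a real handler this comes from $_SESSION after login

foreach ([1, 2, '2 OR 1=1', '-5'] as $viewId) {
    $app = fetch_own_application($db, $sessionUserId, $viewId);
    // Same response for "not found" and "not yours" so record ids are not confirmed.
    echo var_export($viewId, true), ' => ', $app ? "200 {$app['child_name']}" : '404', PHP_EOL;
}
```

Only the record owned by the session user is returned; the other user's record and the malformed values all produce the same not-found result.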


Weakness Enumeration

Related Identifiers

CVE-2024-55058

Affected Products

Phpgurukul Online Birth Certificate System