PT-2025-48079 · Unknown · Phpgurukul Online Shopping Portal

Published: 2025-11-25 · Updated: 2025-12-01 · CVE-2025-65647

CVSS v3.1: 4.3 (Medium) · Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: PHPGURUKUL Online Shopping Portal version 2.1

Description: An Insecure Direct Object Reference (IDOR) exists in the Track order function. It allows information disclosure through manipulation of the oid parameter. An IDOR occurs when an application exposes an object directly by a user-supplied identifier without checking that the requesting user is authorized to access it. In this case, a user may be able to view order information belonging to other customers simply by changing the oid parameter.

Recommendations: Implement proper authorization checks within the Track order function so that users can only access their own order information. Validate the oid parameter to ensure it corresponds to a valid order associated with the authenticated user.
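The recommended fix, shown as an added example that is not taken from the PHPGURUKUL code base: the table and column names (tblorders, id, userid, status), the session key userid and the PDO connection are assumptions. The first handler looks the order up by oid alone; the second binds the lookup to the authenticated user so a foreign order is indistinguishable from a missing one.

```php
<?php
// Added example; not the PHPGURUKUL Online Shopping Portal's own code.
// Assumed schema: tblorders(id, userid, status, ...); the session key
// 'userid' holds the logged-in customer's id; $pdo is a PDO connection.

// Vulnerable pattern: the row is selected by oid only, so any logged-in
// user who changes oid in the request can read another customer's order.
function trackOrderVulnerable(PDO $pdo, array $request): ?array
{
    $oid = (int) ($request['oid'] ?? 0);
    $stmt = $pdo->prepare('SELECT id, userid, status FROM tblorders WHERE id = ?');
    $stmt->execute([$oid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened pattern: require an authenticated session, validate oid as a
// positive integer, and make the owner part of the query itself.
function trackOrderAuthorized(PDO $pdo, array $request, array $session): ?array
{
    if (empty($session['userid'])) {
        http_response_code(401);          // not logged in
        return null;
    }
    $oid = filter_var($request['oid'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    if ($oid === false) {
        http_response_code(400);          // malformed oid
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT id, userid, status FROM tblorders WHERE id = ? AND userid = ?'
    );
    $stmt->execute([$oid, (int) $session['userid']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        http_response_code(404);          // same answer for "not yours" and "not found"
        return null;
    }
    return $row;
}
```

Logging each 404 from the hardened handler together with the session user id and the requested oid gives a simple detection signal for an account walking through sequential order numbers.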

Tags: IDOR

Related Identifiers: CVE-2025-65647

Affected Products: Phpgurukul Online Shopping Portal