Michlol - rashim web interface Insecure direct object references (IDOR).
First of all, the attacker needs to login.
After he performs log into the system there are some functionalities that the specific user is not allowed to perform.
However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then
the attacker can access sensitive data that he not supposed to access because its belong to another user.
References
Link | Resource |
---|---|
https://www.gov.il/en/departments/faq/cve_advisories |
Configurations
History
17 Apr 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the attacker needs to login. After he performs log into the system there are some functionalities that the specific user is not allowed to perform. However all the attacker needs to do in order to achieve his goals is to change the value of the ptMsl parameter and then the attacker can access sensitive data that he not supposed to access because its belong to another user. |
08 Aug 2023, 14:21
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-78 |
Information
Published : 2022-08-05 16:15
Updated : 2024-04-17 10:15
NVD link : CVE-2022-34769
Mitre link : CVE-2022-34769
CVE.ORG link : CVE-2022-34769
JSON object : View
Products Affected
rashim
- michlol
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')