Insecure Direct Object Reference Vulnerability in PHPGurukul Online Birth Certificate System
CVE-2024-55058

Currently unrated

Key Information:

Vendor: PHPGurukul
Status: Online Birth Certificate System
Vendor: CVE Published:; 17 December 2024

Summary

CVE-2024-55058 is a critical insecure direct object reference (IDOR) vulnerability found in PHPGurukul's Online Birth Certificate System version 1.0. This vulnerability enables authenticated users to manipulate the 'viewid' parameter within the URL to gain unauthorized access to sensitive birth certificate details of other users. The lack of proper authorization checks allows potential attackers to expose sensitive user information, leading to privacy violations and data breaches. It is crucial for users and administrators to apply necessary patches and follow security best practices to mitigate the risks associated with this vulnerability.

References

https://github.com/SCR-athif/CVE/tree/main/CVE-2024-55058

Timeline

Vulnerability published
Dec 17, 2024