CVE-2021-35337

MEDIUM

Phone Shop Sales Management System - IDOR

Description

Sourcecodester Phone Shop Sales Management System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker can view the invoices of other users by changing the id parameter.

Exploits (1)

exploitdb WRITEUP
by Pratik Khalane · text · webapps · php
https://www.exploit-db.com/exploits/50050

Scores

CVSS v3 4.3
EPSS 0.0012
EPSS Percentile 31.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-639
Status published
Products (1)
phone_shop_sales_management_system_project/phone_shop_sales_management_system 1.0
Published Jul 01, 2021
Tracked Since Feb 18, 2026