CVE-2021-35337

MEDIUM

Phone Shop Sales Management System 1.0 - Insecure Direct Object Reference via ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-35337. PoCs published by Pratik Khalane.

AI-analyzed exploit summary

This is a writeup describing an Insecure Direct Object Reference (IDOR) vulnerability in Phone Shop Sales Managements System 1.0. The exploit involves modifying the 'id' parameter in the Invoice.php URL to access sensitive user details without proper authorization.

Description

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.

Exploits (1)

exploitdb WRITEUP
by Pratik Khalane · textwebappsphp
https://www.exploit-db.com/exploits/50050


Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Phone Shop Sales Managements System 1.0
Auth required
Prerequisites: Valid credentials to log in to the application
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References (1)
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50050

Scores

CVSS v3 4.3
EPSS 0.0082
EPSS Percentile 52.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-639
Status published
Products (1)
phone_shop_sales_management_system_project/phone_shop_sales_management_system 1.0
Published Jul 01, 2021
Tracked Since Feb 18, 2026