CVE-2021-35337

Published: Jul 1, 2021Modified: Jun 17, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter.

Affected (1)

Products: Phone Shop Sales Management System Project: Phone Shop Sales Management System

Phone Shop Sales Management System Project

1 product

Phone Shop Sales Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phone Shop Sales Management System Project Phone Shop Sales Management System	Version 1.0

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://www.exploit-db.com/exploits/50050

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/50050

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

Timeline

No history available yet.