CVE-2024-55058 — Use of Incorrectly-Resolved Name or Reference in Online Birth Certificate System

CWE-706 — Use of Incorrectly-Resolved Name or Reference3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 76.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Online Birth Certificate System
Timeline
PublishedDec 17

Description

An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the URL to access sensitive birth certificate details of other users without proper authorization checks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

🔴Vulnerability Details

2
CVEList
CVE-2024-55058: An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1↗2024-12-17
â–¶
GHSA
GHSA-527r-mrh4-wx97: An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1↗2024-12-17
â–¶
CVE-2024-55058 — MEDIUM severity | cvebase