2 matches found
CVE-2021-37213
The check-in record page of Flygo contains Insecure Direct Object Reference IDOR vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date in specific parameters to access particular employee’s check-in record...
CVE-2021-37213
The CVE-2021-37213 entry concerns Flygo, an attendance/clocking system by Larvata. Affected component: the check-in record page where an authenticated general user can exploit an insecure direct object reference (IDOR) by altering parameters (employee ID and date) to access other employees’ check...