RomM Insecure Direct Object Reference Vulnerability Allowing Unauthorized Deletion of User Collections
Vulnerability
A vulnerability in RomM (ROM Manager) versions prior to 4.4.1 and 4.4.1-beta.2 allows authenticated users to delete collections belonging to other users. This is achieved by sending a DELETE request to the collection endpoint without any ownership verification. The vulnerability arises because the delete_collection() function removes collections by ID without checking if the user requesting the deletion actually owns the collection. While the ownership check is present in the delete_smart_collection() function, it is absent in the normal collections deletion process.
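The pattern the advisory describes, an authenticated delete handler that trusts the collection ID without comparing the row's owner to the caller, is easier to see side by side with the corrected form. The following is an added illustration written for this page, not RomM's own code: the `Collection` model, the in-memory `CollectionStore`, the two handler functions and the `attempt()` helper are all hypothetical stand-ins for the project's FastAPI route and database session, and the seeded rows (user 100 owning collection 1, user 200 owning collection 2) are constructed sample data.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional


class NotFound(Exception):
    """Maps to HTTP 404: no collection with that ID exists."""


class Forbidden(Exception):
    """Maps to HTTP 403: the caller is not the owner of the collection."""


@dataclass
class Collection:
    # Hypothetical model: the real project has more fields; only the owner matters here.
    id: int
    user_id: int
    name: str


class CollectionStore:
    """Minimal in-memory stand-in for the database layer (hypothetical)."""

    def __init__(self, rows):
        self._rows: Dict[int, Collection] = {c.id: c for c in rows}

    def get(self, collection_id: int) -> Optional[Collection]:
        return self._rows.get(collection_id)

    def delete(self, collection_id: int) -> None:
        del self._rows[collection_id]


def delete_collection_vulnerable(store: CollectionStore, collection_id: int,
                                 current_user_id: int) -> dict:
    """IDOR: the row is removed purely by ID. `current_user_id` is accepted
    (the caller is authenticated) but never compared against the owner."""
    collection = store.get(collection_id)
    if collection is None:
        raise NotFound()
    store.delete(collection_id)
    return {"msg": f"{collection.name} deleted"}


def delete_collection_fixed(store: CollectionStore, collection_id: int,
                            current_user_id: int) -> dict:
    """Ownership check: only the owning user may delete the collection."""
    collection = store.get(collection_id)
    if collection is None:
        raise NotFound()
    if collection.user_id != current_user_id:
        # Authorization failure is decided server-side from the stored owner,
        # never from anything the client sends.
        raise Forbidden()
    store.delete(collection_id)
    return {"msg": f"{collection.name} deleted"}


def attempt(handler: Callable, store: CollectionStore, collection_id: int,
            current_user_id: int) -> int:
    """Run a handler and translate its outcome into the HTTP status an API
    layer would return (200, 403 or 404)."""
    try:
        handler(store, collection_id, current_user_id)
        return 200
    except NotFound:
        return 404
    except Forbidden:
        return 403


def seed_store() -> CollectionStore:
    # Constructed sample data: two users, one collection each.
    return CollectionStore([
        Collection(id=1, user_id=100, name="alice-favourites"),
        Collection(id=2, user_id=200, name="bob-favourites"),
    ])


if __name__ == "__main__":
    store = seed_store()
    # User 200 removes user 100's collection through the unchecked handler.
    print("vulnerable:", attempt(delete_collection_vulnerable, store, 1, 200))
    store = seed_store()
    # The same request against the checked handler is refused.
    print("fixed:     ", attempt(delete_collection_fixed, store, 1, 200))
```

The check belongs in the handler (or a shared authorization dependency) rather than in the client, and it must compare against the owner stored with the row, not an owner field taken from the request body. Whether a foreign collection answers 403 or a neutral 404 is a separate design choice: 404 for both missing and foreign rows avoids confirming which IDs exist, at the cost of less precise client feedback. For detection, a spike of DELETE requests against sequential collection IDs from a single account is the access pattern a reviewer of the API logs would look for.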
Impact
Exploitation of this vulnerability allows for unauthorized deletion of user collections, leading to potential loss of data and disruption of user experience.
Remediation
Users can update to RomM version 4.4.1 or 4.4.1-beta.2, where this vulnerability has been fixed.
