CVE-2021-37214 - Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5

CVSS 6.5 - MEDIUM

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Weakness: CWE-639 (Authorization Bypass Through User-Controlled Key)

Summary

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After authenticating as a general user, remote attackers can manipulate the employee ID in specific parameters to arbitrarily access and modify employees' data, and then obtain administrator privileges and execute arbitrary commands.

Vulnerable Configurations

Part         Description   Count
Application  Larvata       2