Vulnerabilities > CVE-2021-37215 - Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
larvata
CWE-639

Summary

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attacker can manipulate the user data and then over-write another employee’s user data by specifying that employee’s ID in the API parameter.

Vulnerable Configurations

Part Description Count
Application
Larvata
2