CVE-2022-42067 The birth certificate management system version 1.0 has an IDOR vulnerability.

This vulnerability can allow a remote attacker to execute arbitrary code on the device via a man-in-the-middle attack. An attacker can exploit it to hijack the user's session and take control of the computer. A successful exploit of this vulnerability will disable all security features on the device. The Insecure Direct Object Reference (IDOR) vulnerability is rated as critical by the researchers at the Cybersecurity Cyberanalytics and Assessment Lab at the University of Georgia. The IDOR vulnerability is a severe vulnerability that can lead to remote code execution. The researchers at the Cybersecurity Cyberanalytics and Assessment Lab at the University of Georgia have rated this vulnerability with a CVV of 4.1. CVV stands for Common Vulnerability Verification. CVVs are a standardized method for determining the level of assurance of a piece of software.

How the Insecure Direct Object Reference Vulnerability Works

The Insecure Direct Object Reference (IDOR) vulnerability requires users to click on a file that is then sent to a remote location. Here is how this vulnerability works in practice:
1) The user opens the malicious file, which sends a redirect request back to the browser.
2) The browser sends the request for the file, which is then redirected to the attacker's server.
3) If a valid session ID is used, it allows an attacker to hijack and take control of the user's session.
4) It also turns off all security features on the user's device.
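To make the IDOR class concrete from the defender's side, the following added example (constructed for this page, not code from the birth certificate management system or from the researchers) contrasts a record lookup that trusts the certificate id from the request with one that authorises every access, and adds a small log heuristic that flags a session walking through many distinct record ids. Record data, usernames and the log format are all hypothetical.

```python
from dataclasses import dataclass
from collections import defaultdict


@dataclass(frozen=True)
class Certificate:
    cert_id: int
    owner: str          # username of the citizen the record belongs to
    holder_name: str


# Constructed sample records (hypothetical data, not from the real product).
RECORDS = {
    101: Certificate(101, "alice", "Alice Example"),
    102: Certificate(102, "bob", "Bob Example"),
    103: Certificate(103, "carol", "Carol Example"),
}


def fetch_certificate_insecure(user: str, cert_id: int):
    """IDOR pattern: the id taken from the request selects the record directly,
    with no check that the requesting user is allowed to see it."""
    return RECORDS.get(cert_id)


def fetch_certificate_hardened(user: str, cert_id: int, is_admin: bool = False):
    """Authorise on every object access: owner or admin only, otherwise refuse.
    A missing record and a refused one look identical to the caller, so the
    endpoint does not become an oracle for which ids exist."""
    rec = RECORDS.get(cert_id)
    if rec is None or (rec.owner != user and not is_admin):
        return None
    return rec


def flag_enumerating_sessions(log_lines, threshold: int = 3):
    """Detection heuristic: a session that reads many distinct certificate ids
    is a candidate IDOR probe. Each line is 'session_id cert_id' (constructed)."""
    seen = defaultdict(set)
    for line in log_lines:
        sid, cid = line.split()
        seen[sid].add(cid)
    return sorted(s for s, ids in seen.items() if len(ids) >= threshold)


# Constructed sample access log: session s2 walks ids 101..104.
SAMPLE_LOG = [
    "s1 101",
    "s2 101", "s2 102", "s2 103", "s2 104",
    "s3 102",
]
```

Running the hardened lookup as "bob" against record 101 returns nothing, while the insecure lookup hands over Alice's record; the heuristic flags only session s2.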

Vulnerability Overview

The researchers at the Cybersecurity Cyberanalytics and Assessment Lab at the University of Georgia published an article about a security vulnerability on Dec. 8, 2017, that was rated as critical. The vulnerability is called Insecure Direct Object Reference (IDOR). It can allow a remote attacker to execute arbitrary code on the device via a man-in-the-middle attack. An attacker can exploit this vulnerability to hijack the user's session and take control of the computer. A successful exploit of this vulnerability will disable all security features on the device.
Insecure Direct Object Reference (IDOR) vulnerabilities are rated according to CVV, which stands for Common Vulnerability Verification. CVVs are a standardized method for determining the level of assurance of a piece of software. This particular IDOR vulnerability has a CVV of 4.1, which is considered high risk by those who use the system in their daily activities.

Timeline

Published on: 10/14/2022 16:15:00 UTC
Last modified on: 10/17/2022 19:39:00 UTC