IDOR in https://moneybird.com/user/accountant_company/edit (change company name)

Low
Moneybird

Team Summary

Official summary from Moneybird

Reporter found a way to change the name of an accountant company for which he didn't have permissions. We added extra checks to prevent these kinds of Insecure Direct Object Reference bugs.

Reported by t3chnophil3

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Insecure Direct Object Reference (IDOR)