Change / view others user information

This public forum is for user-to-user discussions of PHPMaker. Note that this is not a support forum.

Post by scs »

Has anybody tested this before?

When you log in to your system as a normal user and try editing your own account,

e.g. http://yourdomain.com/usersedit.php?_userid=200

then you change the 200 to any number, for example 1

http://yourdomain.com/usersedit.php?_userid=1

You're able to view and/or modify the content even if you don't have the rights.

Is this dangerous? Or how to prevent this?



Post by mobhar »

This issue should not happen if you have protected/enabled your "users" table with User ID Security from "Advanced Security" -> "User ID" -> "User ID Field".
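
A server-side ownership check for the `_userid` parameter discussed in this thread, as an added example (it is not PHPMaker's generated code and not from either poster). The function name, the `user_id` and `is_admin` session keys, and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: decide which user record an edit request may touch.
// $session stands in for $_SESSION and $query for $_GET (both constructed below).
function resolveEditableUserId(array $session, array $query): int
{
    if (!isset($session['user_id'])) {
        throw new RuntimeException('401: not logged in');
    }
    $current = (int) $session['user_id'];

    // No id supplied: default to the caller's own record.
    if (!isset($query['_userid'])) {
        return $current;
    }

    // Reject anything that is not a plain positive integer (arrays included).
    $requested = filter_var($query['_userid'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($requested === false) {
        throw new InvalidArgumentException('400: malformed _userid');
    }

    // Ownership check: the id in the URL is a request, never proof of rights.
    $isAdmin = !empty($session['is_admin']);
    if ($requested !== $current && !$isAdmin) {
        // Log the denial so repeated id tampering shows up in review.
        error_log(sprintf('denied: user %d requested record %d', $current, $requested));
        throw new RuntimeException('403: not your record');
    }
    return $requested;
}

// Constructed sample requests: the user's own id, the changed id from the thread, junk.
$session = ['user_id' => 200, 'is_admin' => false];
foreach ([['_userid' => '200'], ['_userid' => '1'], ['_userid' => 'abc']] as $query) {
    try {
        echo $query['_userid'], ' -> record ', resolveEditableUserId($session, $query), PHP_EOL;
    } catch (Throwable $e) {
        echo $query['_userid'], ' -> ', $e->getMessage(), PHP_EOL;
    }
}
```

The same check has to run on the request that saves the record as well as the one that displays it, since both take the id from the client.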

