I discovered an IDOR vulnerability in the appointment cancellation: it is possible for an attacker to cancel anyone's appointment just by changing the ID parameter in the GET request.
Vulnerable Code:
if(isset($_GET['cancel']))
{
// The ID comes straight from the request; nothing ties it to the logged-in user,
// so any appointment row can be set to cancelled by supplying its ID.
$query=mysqli_query($con,"update appointmenttb set userStatus='0' where ID = '".$_GET['ID']."'");
if($query)
{
echo "<script>alert('Your appointment successfully cancelled');</script>";
}
}
Recommendation: Check that the appointment belongs to the user making the cancellation request before updating it.
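The following handler is an added example of that recommendation, not code from the report or the project. It assumes the logged-in user's id is held in $_SESSION['userID'] and that appointmenttb has a userID column recording who booked each appointment; both names are assumptions. The table, ID and userStatus names come from the vulnerable snippet.

```php
<?php
// Added example (not the project's own code): appointment cancellation with an ownership check.
// Assumptions not taken from the report: the authenticated user's id is in $_SESSION['userID'],
// and appointmenttb has a userID column linking each appointment to the user who booked it.
session_start();

if (isset($_GET['cancel'], $_GET['ID']) && isset($_SESSION['userID'])) {
    $appointmentId = (int) $_GET['ID'];
    $userId        = (int) $_SESSION['userID'];

    // The WHERE clause restricts the update to rows owned by the current user, so an ID that
    // belongs to someone else matches nothing. Values are bound rather than concatenated.
    $stmt = mysqli_prepare(
        $con,
        "UPDATE appointmenttb SET userStatus = '0' WHERE ID = ? AND userID = ?"
    );
    mysqli_stmt_bind_param($stmt, 'ii', $appointmentId, $userId);
    mysqli_stmt_execute($stmt);

    if (mysqli_stmt_affected_rows($stmt) === 1) {
        echo "<script>alert('Your appointment successfully cancelled');</script>";
    } else {
        // Either the appointment does not exist or it is not this user's. Refuse without saying
        // which, and log the attempt so repeated probing of other users' IDs is visible.
        error_log(sprintf('appointment cancel denied: user %d, appointment %d', $userId, $appointmentId));
        http_response_code(403);
        echo "<script>alert('You are not allowed to cancel this appointment');</script>";
    }
    mysqli_stmt_close($stmt);
}
```

The ownership condition lives in the query itself rather than in a separate lookup, so there is no window between checking the owner and applying the update.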