IDOR allowing users to see other users' entries in wallabag/wallabag
Jan 4th 2023
The entry export functionality is vulnerable to an insecure direct object reference (IDOR) attack.
Proof of Concept
- Create a new entry as an existing user. Let's say the entry's id is 1.
- Create a new user and log in as them.
- Go to
An attacker can see other users' entries.
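
The missing ownership check behind this class of bug, as an added example that is not wallabag's code: a minimal Python model of an export handler that looks an entry up by id alone, next to a version scoped to the logged-in user. All names (`Entry`, `export_entry_vulnerable`, `export_entry_fixed`, `is_exposed`) and the sample data are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    id: int
    owner_id: int
    title: str
    content: str


class NotFound(Exception):
    """Raised for a missing entry and for an entry owned by someone else."""


# Constructed sample data: user 1 is the existing user, user 2 the new account.
ENTRIES = {
    1: Entry(1, owner_id=1, title="Private note", content="only for user 1"),
    2: Entry(2, owner_id=2, title="Reading list", content="saved by user 2"),
}


def export_entry_vulnerable(current_user_id: int, entry_id: int) -> str:
    # Flawed: the entry is looked up by id alone, so any logged-in user
    # who supplies another user's entry id receives that entry.
    entry = ENTRIES.get(entry_id)
    if entry is None:
        raise NotFound(entry_id)
    return f"{entry.title}\n{entry.content}"


def export_entry_fixed(current_user_id: int, entry_id: int) -> str:
    # Hardened: the lookup is scoped to the authenticated user. A foreign
    # entry gets the same error as a missing one, so ids cannot be probed.
    entry = ENTRIES.get(entry_id)
    if entry is None or entry.owner_id != current_user_id:
        raise NotFound(entry_id)
    return f"{entry.title}\n{entry.content}"


def is_exposed(export, user_id: int, entry_id: int) -> bool:
    """Regression check: True if user_id can export entry_id."""
    try:
        export(user_id, entry_id)
        return True
    except NotFound:
        return False
```

The `is_exposed` helper mirrors the two-account setup from the proof of concept and can serve as the shape of a regression test for every route that takes an entry id.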