Cybersecurity

IDOR in Purchase Order Cancellation Allows Unauthorized Users to Cancel Other Users' POs

Ali Nemati1 day ago26 sec read14 views

A vulnerability in MokaPOS's Purchase Order cancellation feature allows unauthorized users to cancel other users' POs by manipulating the PO ID without proper authorization checks. This can lead to business logic abuse, operational disruptions, and potential financial losses for procurement workflows. Content creators should emphasize the importance of robust access control measures and thorough security testing in web applications.

Read the full article at InfoSec Write-ups - Medium

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

Comments

U.S. Tax Season: How Threat Actors Exploit IRS Phishing, W-2 Fraud, and Dark Web Activity

During U.S. tax season, cybercriminals exploit the period's financial activity and urgency through phishing scams, W-2 fraud, and dark web sales of stolen data, targeting both individuals and organizations to commit identity theft and financial fraud...

Ali Nemati

Cybersecurity5 days ago34 sec read

When Proxies Become the Attack Vectors in Web Architectures

Summary: The article discusses vulnerabilities in HTTP headers that can be exploited through reverse proxies to bypass security controls. It covers two main types of attacks: header injection via normalization discrepancies (OAuth2-proxy underscore b...

Ali Nemati

Cybersecurity6 days ago25 sec read

XSS Ranked #1 Top Threat of 2025 by MITRE and CISA

Cross-Site Scripting (XSS) was ranked as the top cybersecurity threat for 2025 by MITRE and CISA, marking it as a persistent risk since at least 2010. This ranking underscores the ongoing challenge of securing web applications against XSS attacks, em...

Ali Nemati

Cybersecurity6 days ago43 sec read

Germany & Israel Under DDoS Attacks: Weekly DDoS Threat Intelligence Analysis

The NoName057(16) cyber group launched a coordinated DDoS attack targeting Germany and Israel over seven days in March 2024. The attacks were geographically diverse but concentrated on key political and economic targets such as Saxony-Anhalt municipa...

Ali Nemati

CybersecurityMar 923 sec read

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA added three newly exploited vulnerabilities to its KEV Catalog, highlighting significant risks for federal networks and urging timely remediation by all organizations. These vulnerabilities include issues in Omnissa Workspace ONE, SolarWinds Web...

Ali Nemati

IDOR in Purchase Order Cancellation Allows Unauthorized Users to Cancel Other Users' POs

Related Articles

U.S. Tax Season: How Threat Actors Exploit IRS Phishing, W-2 Fraud, and Dark Web Activity

When Proxies Become the Attack Vectors in Web Architectures

XSS Ranked #1 Top Threat of 2025 by MITRE and CISA

Germany & Israel Under DDoS Attacks: Weekly DDoS Threat Intelligence Analysis

CISA Adds Three Known Exploited Vulnerabilities to Catalog