VYPR
Medium severity4.3NVD Advisory· Published Aug 9, 2021· Updated Jun 17, 2026

CVE-2021-37215

CVE-2021-37215

Description

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attacker can manipulate the user data and then over-write another employee’s user data by specifying that employee’s ID in the API parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Flygo/Flygollm-fuzzy
  • Larvata Digital Technology Co. Ltd./FLYGOv5
    Range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.