A Less Known Attack Vector, Second Order IDOR Attacks

Insecure Direct Object Reference (IDOR)

Second-order SQL injection arises when user-supplied data is stored by the application and later incorporated into SQL queries in an unsafe way.