Hello everyone,
We’ve been experiencing some issues with our system that pertain to certain endpoints that utilize auto-incrementing IDs. It seems that these IDs can be manipulated by attackers, allowing them to modify the ID to a value near the maximum limit, such as 2147483647. This causes the next user who creates a new row in the table to be assigned an ID that exceeds the MySQL ID limit, resulting in a 500 error status and widespread malfunctions across all the customers utilizing the vulnerable functionality.
We’re looking for some guidance on how to fix this issue. Does anyone have any suggestions on how to prevent attackers from manipulating the auto-incrementing IDs?
Any help or insights you can provide would be greatly appreciated. Thank you in advance!
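The failure described in the post, next to one way to close it, as an added example that is not part of the original post: the "before" handler writes a client-supplied `id` into the auto-increment column, while the hardened handlers accept only an allow-list of fields and use the id solely to select a row. The `orders` table, its column names and all function names are hypothetical, and SQLite stands in for MySQL so the sketch runs offline.

```python
import sqlite3

INT_MAX = 2147483647                      # the limit quoted in the post
WRITABLE_FIELDS = {"customer", "amount"}  # hypothetical columns; "id" is never client-writable

def make_db():
    # SQLite stands in for MySQL so the sketch runs offline (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY AUTOINCREMENT,"
               " customer TEXT NOT NULL, amount INTEGER NOT NULL)")
    return db

def create_vulnerable(db, payload):
    # 'Before': a client-supplied id is written to the auto-increment column,
    # so the counter continues from whatever value the client chose.
    cur = db.execute("INSERT INTO orders (id, customer, amount) VALUES (?, ?, ?)",
                     (payload.get("id"), payload["customer"], payload["amount"]))
    return cur.lastrowid

def reject_unwritable(payload):
    # Refuse the whole request if it names any field outside the allow-list.
    extra = set(payload) - WRITABLE_FIELDS
    if extra:
        raise ValueError("fields not writable by clients: %s" % sorted(extra))

def create_hardened(db, payload):
    # 'After': the id column is absent from the INSERT; the database assigns it.
    reject_unwritable(payload)
    cur = db.execute("INSERT INTO orders (customer, amount) VALUES (?, ?)",
                     (payload["customer"], payload["amount"]))
    return cur.lastrowid

def update_hardened(db, row_id, payload):
    # The id (e.g. from the URL path) only selects the row; it never appears in SET.
    reject_unwritable(payload)
    fields = sorted(payload)              # names can only come from the allow-list
    if not fields:
        return 0
    sql = "UPDATE orders SET %s WHERE id = ?" % ", ".join(f + " = ?" for f in fields)
    return db.execute(sql, [payload[f] for f in fields] + [row_id]).rowcount

if __name__ == "__main__":
    db = make_db()
    create_vulnerable(db, {"id": INT_MAX - 1, "customer": "x", "amount": 1})
    print(create_vulnerable(db, {"customer": "y", "amount": 1}))  # counter jumped to the limit
    db = make_db()
    print(create_hardened(db, {"customer": "y", "amount": 1}))    # server-assigned id
```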