| عنوان | Code4Berry Decoration Management System 1.0 Improper Handling of Insufficient Permissions or Privileges |
|---|
| الوصف | A regular user can visit the endpoint /decoration/admin/user_permission.php and change the abilities delegated to each type of user, including themselves, admins or superadmins. By default, regular users only have permissions set to "Create Service", though they can add "Create User", "Delete User" and "Update Service" permissions to their own usertype, effectively making them equal to a superadmin. They can also remove all of these abilities from admins and superadmins.
|
|---|
| المستخدم | scumdestroy (UID 48934) |
|---|
| ارسال | 12/11/2024 04:47 AM (1 سنة منذ) |
|---|
| الاعتدال | 20/11/2024 09:11 AM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 285501 [Code4Berry Decoration Management System 1.0 User Permission user_permission.php تجاوز الصلاحيات] |
|---|
| النقاط | 17 |
|---|