| عنوان | SourceCodester Invoice-System 1.0 Broken Access Control |
|---|
| الوصف | Vulnerable Endpoint:
/home.php, /category.php, /state.php, /cpyprofile.php
Vulnerability Description:
Several pages intended for administrative use are protected only by navigation logic. The backend checks only for a valid session, not for an administrative role, and enables inline editing for customers, categories, states, and company profile data.
Any authenticated user can access these endpoints directly and alter core business records. |
|---|
| المصدر | ⚠️ https://gist.github.com/c4ttr4ck/db84fc2af3e542acf1eab685264bcfc1 |
|---|
| المستخدم | c4ttr4ck (UID 75518) |
|---|
| ارسال | 26/04/2026 11:13 PM (1 شهر منذ) |
|---|
| الاعتدال | 24/05/2026 08:38 AM (27 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 365393 [SourceCodester Indian Invoicing System 1.0 Backend Endpoint تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|