| Titel | Best Fee Management System Improper Access Control vulnerable leads to system takeover |
|---|
| Beschreibung | An Attacker without access to the system can add himself/herself as the system administrator, attacker can then manipulate system data. In admin_class.php file
the save_user function lacks of acess check.
Vendor
SourceCodester
Version
The software is unversioned as of now (2023/7/10). Below is the tested version download link.
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/click_fees_0.zip |
|---|
| Quelle | ⚠️ https://github.com/movonow/demo/edit/main/click_fees.md |
|---|
| Benutzer | zhangguohu (UID 30684) |
|---|
| Einreichung | 10.07.2023 16:09 (vor 3 Jahren) |
|---|
| Moderieren | 10.07.2023 19:16 (3 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 233450 [SourceCodester Best Fee Management System 1.0 Add User admin_class.php save_user erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|