Enviar #813608: SourceCodester Invoice-System 1.0 Broken Access Controlinformación

TítuloSourceCodester Invoice-System 1.0 Broken Access Control
DescripciónVulnerable Endpoint: /home.php, /category.php, /state.php, /cpyprofile.php Vulnerability Description: Several pages intended for administrative use are protected only by navigation logic. The backend checks only for a valid session, not for an administrative role, and enables inline editing for customers, categories, states, and company profile data. Any authenticated user can access these endpoints directly and alter core business records.
Fuente⚠️ https://gist.github.com/c4ttr4ck/db84fc2af3e542acf1eab685264bcfc1
Usuario
 c4ttr4ck (UID 75518)
Sumisión2026-04-26 23:13 (hace 1 mes)
Moderación2026-05-24 08:38 (27 days later)
EstadoAceptado
Entrada de VulDB365393 [SourceCodester Indian Invoicing System 1.0 Backend Endpoint escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!