Submission #823134: SourceCodester Water Billing Management System in PHP/OOP Free Source Code 1.0 Authorization Bypass (information)

Title: SourceCodester Water Billing Management System in PHP/OOP Free Source Code 1.0 Authorization Bypass
Description: A critical vulnerability in the Water Billing Management System allows unauthenticated attackers to create new administrative accounts. By sending a crafted POST request directly to the user management endpoint, an attacker bypasses the intended administrative interface and gains full control over the system.

Vulnerability Description: The file /wbms/classes/Users.php contains a save function (invoked via the parameter f=save) that handles the creation and modification of user accounts. The endpoint performs no session validation and has no middleware that verifies the requester holds administrative privileges. Because the application's OOP style dispatches the class method straight from a GET/POST parameter, an external attacker can invoke the save logic without being logged in. Setting the type parameter to 1 (the value that represents the Admin role in this codebase) creates an administrator account, so an anonymous requester obtains full administrative privileges in a single request.
Source: https://github.com/renzortega1337/Security-Research-/blob/main/Unauthenticated%20Admin%20Creation%20in%20PHP%20System.md
User: renzortega1337 (UID 98096)
Submitted: 2026-05-08 15:10 (27 days ago)
Moderated: 2026-05-31 10:24 (23 days later)
Status: Accepted
VulDB Entry: 367515 [SourceCodester Water Billing Management System 1.0 User Management Endpoint Users.php?f=save privilege escalation]
Points: 20
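The missing check described above, shown beside a hardened dispatcher. This is an added illustration written for this page, not code from the SourceCodester project or from the advisory author. Only Users.php, the f=save action and type=1 as the admin role come from the advisory; the `$_SESSION['userdata']` layout, the `dispatch_vulnerable`/`dispatch_hardened` helpers, the `delete` action in the allow-list and the JSON response shape are assumptions made for the example.

```php
<?php
// Added example (not the project's code). Models the pattern the advisory
// describes: a user-management class whose method name is taken directly
// from the `f` request parameter and run without any authorization check.

session_start();

// Per the advisory, type=1 is the Admin role in this codebase.
const ROLE_ADMIN = 1;

class Users
{
    // Assumed stand-in for the real save(): the original writes the posted
    // fields (including `type`) to the users table.
    public function save(): string
    {
        $type = (int)($_POST['type'] ?? 0);
        // ... insert/update the user row with the posted fields ...
        return json_encode(['status' => 'success', 'type' => $type]);
    }
}

// Vulnerable dispatch: whatever arrives in `f` is invoked as a method.
// Nothing verifies that the caller is logged in, let alone an administrator,
// so an anonymous POST with f=save&type=1 creates an admin account.
function dispatch_vulnerable(Users $u, string $f): string
{
    return method_exists($u, $f) ? $u->$f() : 'unknown action';
}

// Hardened dispatch: authenticate, authorize, then allow-list the action.
// Session field names below are assumptions for the example.
function dispatch_hardened(Users $u, string $f): string
{
    // 1. Require an authenticated session before touching any action.
    if (empty($_SESSION['userdata']['id'])) {
        http_response_code(401);
        return json_encode(['status' => 'failed', 'msg' => 'login required']);
    }

    // 2. Only administrators may create or modify accounts. The role comes
    //    from the server-side session, never from the request body.
    if ((int)($_SESSION['userdata']['type'] ?? 0) !== ROLE_ADMIN) {
        http_response_code(403);
        return json_encode(['status' => 'failed', 'msg' => 'admin only']);
    }

    // 3. Allow-list the callable actions instead of trusting `f` blindly.
    $allowed = ['save', 'delete'];
    if (!in_array($f, $allowed, true)) {
        http_response_code(400);
        return json_encode(['status' => 'failed', 'msg' => 'unknown action']);
    }

    return $u->$f();
}

$f = (string)($_GET['f'] ?? '');
echo dispatch_hardened(new Users(), $f);
```

The ordering matters: the authentication check must run before the method lookup, because the vulnerable variant's `method_exists` test is not a security control and accepts `save` from any caller. Even with the role check in place, a CSRF token on state-changing actions is still needed, since a logged-in administrator's browser can otherwise be made to submit the same f=save request.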
