| Titre | Sanitization Management System v1.0 Insufficient Authorization Controls |
|---|
| Description | It was observed that Sanitization Management System v1.0 suffers from insufficient authorization controls whereby an unauthenticated attacker could perform sensitive actions by directly invoking the endpoints, thus gaining full control over the web application.
The following functions are affected and could directly be triggered without authentication:
1. creation, modification and deletion of privileged users
2. access to sensitive information such as inquiries and quote requests belonging to other customers
3. deletion and modification of company information
While user would require a valid session ID to access the administrative functions on the browser, it is possible to directly invoke the endpoints using Burpsuite and access the functions without a UI. |
|---|
| Utilisateur | jiajian (UID 34329) |
|---|
| Soumission | 23/10/2022 18:55 (il y a 3 ans) |
|---|
| Modérer | 24/10/2022 07:43 (13 hours later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 212017 [SourceCodester Sanitization Management System 1.0 authentification faible] |
|---|
| Points | 17 |
|---|