Submission #769781: SourceCodester Web-based Pharmacy Product Management System 1.0 Improper Access Controls

Title: SourceCodester Web-based Pharmacy Product Management System 1.0 Improper Access Controls
Description: The web application contains a Broken Access Control vulnerability in the add_admin.php endpoint. Although this functionality is intended to be accessible only by administrators, a non-administrative user account created by an admin is able to directly access this endpoint and create new users with administrative privileges. The application fails to enforce proper authorization checks on the add_admin.php page. As a result, any authenticated user, regardless of their assigned role, can access the administrative user creation functionality by directly browsing to the endpoint. This flaw allows a low-privileged user to escalate their privileges to an administrator, leading to full compromise of the application's administrative controls.

Steps to Reproduce
1. Log in to the application using an administrator account.
2. Navigate to User Management, then to Add User.
3. Create a normal user account using the admin interface.
4. Note the endpoint "add-admin.php".
5. Log out from the administrator account.
6. Log in using the newly created non-admin user account.
7. Directly navigate to the endpoint "http://localhost/product_expiry/add-admin.php".
8. Observe that the page loads successfully without any access restriction.
9. Use the available form to create a new user and assign the Admin role.
10. Log in using the newly created admin account.
11. Confirm that the account has administrative privileges.

Root Cause:
- Missing or improper server-side authorization checks
- Role-based access control (RBAC) not enforced on sensitive endpoints
- Reliance on frontend or UI-level restrictions instead of backend validation
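The root cause above is a page that renders and processes its form without first verifying the caller's role on the server. The following is an added example of the kind of backend gate that closes this class of flaw; it is not the SourceCodester project's code, and it assumes a hypothetical session layout ($_SESSION['user_id'], a users table with a role column, and a PDO handle $db) that the real application may not share.

```php
<?php
// Added example (not the project's own code): a server-side authorization
// gate for an admin-only page such as add_admin.php.
// Assumptions (hypothetical): the login handler stores the authenticated
// user's id in $_SESSION['user_id']; roles live in a `users` table with a
// `role` column; $db is a connected PDO instance.

declare(strict_types=1);

function require_role(PDO $db, string $required): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Unauthenticated callers are sent to the login page.
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php');
        exit;
    }

    // Re-read the role from the backend on every request. The value cached
    // in the session may be stale (e.g. a demoted account), and a hidden
    // menu entry in the UI is not an access control at all.
    $stmt = $db->prepare('SELECT role FROM users WHERE id = ?');
    $stmt->execute([(int) $_SESSION['user_id']]);
    $role = $stmt->fetchColumn();

    if ($role !== $required) {
        // Deny and record the attempt: a low-privileged account requesting
        // an admin-only endpoint is a useful detection signal.
        http_response_code(403);
        error_log(sprintf(
            'authz denied: user %d (role "%s") requested %s',
            (int) $_SESSION['user_id'],
            (string) $role,
            $_SERVER['REQUEST_URI'] ?? 'unknown'
        ));
        exit('Forbidden');
    }
}

// At the very top of add_admin.php, before any HTML output and before the
// POST handler that inserts the new account, so that both viewing the form
// and submitting it are covered by the same check:
// require_role($db, 'admin');
```

The check must run before the form is processed, not only before it is displayed; otherwise a direct POST to the endpoint still bypasses it.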
Source: https://x.x.x.x/product_expiry
User: MuhdFarhan (UID 95720)
Submission: 02/03/2026 05:26 (2 months ago)
Moderated: 11/03/2026 20:07 (10 days later)
Status: Accepted
VulDB Entry: 350535 [SourceCodester Web-based Pharmacy Product Management System 1.0 add_admin.php privilege escalation]
Points: 17
