Submit #846833: SourceCodester Multi-Vendor Online Grocery Management System 1.0 Improper Authorization

Title: SourceCodester Multi-Vendor Online Grocery Management System 1.0 Improper Authorization
Description: A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. It has been classified as critical. The cancel_order() function in classes/Master.php accepts an order id from POST data and updates its status without verifying the order belongs to the current user. Any authenticated client can cancel any order in the system by supplying an arbitrary order ID.
    POST /mvogms/classes/Master.php?f=cancel_order
    id=2
    Response: {"status":"success","msg":" Order has been cancelled successfully."}
Source: https://github.com/lee945/cve/issues/4
User: cHr1s (UID 98736)
Submission: 03/06/2026 01:55 PM (1 month ago)
Moderation: 04/07/2026 06:59 AM (1 month later)
Status: Accepted
VulDB entry: 376289 [SourceCodester Multi-Vendor Online Grocery Management System 1.0 classes/Master.php cancel_order privilege escalation]
Points: 20
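
The ownership check that the description reports as missing, shown as an added example (not code from the project or from the report): the update is scoped to the client id held in the server-side session. The table and column names, the status code and the in-memory SQLite database are assumptions chosen so the example runs stand-alone.

```php
<?php
// Added example, not the project's code. Table/column names (order_list,
// client_id, status) and the status code are assumptions for illustration.
const STATUS_CANCELLED = 5;

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE order_list (
    id INTEGER PRIMARY KEY, client_id INTEGER NOT NULL, status INTEGER NOT NULL)');
// Constructed sample data: orders 1 and 2 belong to different clients.
$db->exec('INSERT INTO order_list (id, client_id, status) VALUES (1, 10, 0), (2, 20, 0)');

// Pattern described in the report: the row is selected by the posted id alone.
function cancel_order_unscoped(PDO $db, int $orderId): bool
{
    $stmt = $db->prepare('UPDATE order_list SET status = :s WHERE id = :id');
    $stmt->execute([':s' => STATUS_CANCELLED, ':id' => $orderId]);
    return $stmt->rowCount() === 1;
}

// Hardened form: the owner is taken from the session, never from POST data,
// and is part of the WHERE clause, so the check and the update are a single
// statement and a foreign order id matches no row.
function cancel_order_scoped(PDO $db, int $sessionClientId, int $orderId): bool
{
    $stmt = $db->prepare(
        'UPDATE order_list SET status = :s WHERE id = :id AND client_id = :cid'
    );
    $stmt->execute([
        ':s'   => STATUS_CANCELLED,
        ':id'  => $orderId,
        ':cid' => $sessionClientId,
    ]);
    return $stmt->rowCount() === 1;
}

// Client 10 asks to cancel order 2 (owned by client 20), then its own order 1.
$foreign = cancel_order_scoped($db, 10, 2);
$own     = cancel_order_scoped($db, 10, 1);
// The unscoped form applied to the same foreign order id, for comparison.
$unscoped = cancel_order_unscoped($db, 2);

printf("scoped, foreign order: %s\n", var_export($foreign, true));
printf("scoped, own order:     %s\n", var_export($own, true));
printf("unscoped, any order:   %s\n", var_export($unscoped, true));
```

A zero affected-row count in the scoped form is also a useful detection signal: a logged-in client submitting ids that never match its own orders is worth logging.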