| タイトル | Best Fee Management System Improper Access Control vulnerable leads to system takeover |
|---|
| 説明 | An Attacker without access to the system can add himself/herself as the system administrator, attacker can then manipulate system data. In admin_class.php file
the save_user function lacks of acess check.
Vendor
SourceCodester
Version
The software is unversioned as of now (2023/7/10). Below is the tested version download link.
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/click_fees_0.zip |
|---|
| ソース | ⚠️ https://github.com/movonow/demo/edit/main/click_fees.md |
|---|
| ユーザー | zhangguohu (UID 30684) |
|---|
| 送信 | 2023年07月10日 16:09 (3 年 ago) |
|---|
| モデレーション | 2023年07月10日 19:16 (3 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 233450 [SourceCodester Best Fee Management System 1.0 Add User admin_class.php save_user 特権昇格] |
|---|
| ポイント | 20 |
|---|