| タイトル | Code4Berry Decoration Management System 1.0 Improper Handling of Insufficient Permissions or Privileges |
|---|
| 説明 | A regular user can visit the endpoint /decoration/admin/user_permission.php and change the abilities delegated to each type of user, including themselves, admins or superadmins. By default, regular users only have permissions set to "Create Service", though they can add "Create User", "Delete User" and "Update Service" permissions to their own usertype, effectively making them equal to a superadmin. They can also remove all of these abilities from admins and superadmins.
|
|---|
| ユーザー | scumdestroy (UID 48934) |
|---|
| 送信 | 2024年11月12日 04:47 (1 年 ago) |
|---|
| モデレーション | 2024年11月20日 09:11 (8 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 285501 [Code4Berry Decoration Management System 1.0 User Permission user_permission.php 特権昇格] |
|---|
| ポイント | 17 |
|---|