Submit #487618: CampCodes School Management Software 1.0 Improper Privilege Management (Info)

Title: CampCodes School Management Software 1.0 Improper Privilege Management
Description: Vendor and Product Information:
Vendor: CampCodes
Product: School Management Software
Product URL: https://www.campcodes.com/downloads/school-management-software-in-php-mysql-full-source-code/
Vulnerability Name: Sensitive Super Admin Data Exposure and Unauthorized Data Update via IDOR (Teacher Role to Super Admin Role)
Description: It was observed that via IDOR a teacher can fetch the details of the Super Admin, which include the admin’s sensitive Bank Account Details, Email ID, profile picture, Name Details etc. The teacher can further update the Super Admin’s account details such as Bank Account Details, Email ID, profile picture, name etc. This is a serious issue as a lower privilege user can manipulate and make modifications to the super admin’s profile data.
Source: ⚠️ https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Sensitive%20Super%20Admin%20Data%20Exposure%20and%20Unauthorized%20Data%20Update%20via%20IDOR%20(Teacher%20Role%20to%20Super%20Admin%20Role).pdf
User: khukuririmal (UID 80171)
Submission: 2025-01-22 18:01 (1 year ago)
Moderation: 2025-01-29 18:12 (7 days later)
Status: Accepted
VulDB Entry: 294012 [CampCodes School Management Software 1.0 Staff /edit-staff/ privilege escalation]
Points: 20
