| Title | CampCodes School Management Software 1.0 Improper Privilege Management |
|---|
| Description | Vendor and Product Information:
Vendor: CampCodes
Product: School Management Software
Product URL: https://www.campcodes.com/downloads/school-management-software-in-php-mysql-full-source-code/
Vulnerability Name: Sensitive Super Admin Data Exposure and Unauthorized Data Update via IDOR (Teacher Role to Super Admin Role)
Description:
It was observed that via IDOR a teacher can fetch the details of the Super Admin, which include the admin’s sensitive Bank Account Details, Email ID, profile picture, Name Details etc. The teacher can further update the Super Admin’s account details such as Bank Account Details, Email ID, profile picture, name etc. This is a serious issue as a lower-privilege user can manipulate and make modifications to the super admin’s profile data. |
|---|
| Source | https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Sensitive%20Super%20Admin%20Data%20Exposure%20and%20Unauthorized%20Data%20Update%20via%20IDOR%20(Teacher%20Role%20to%20Super%20Admin%20Role).pdf |
|---|
| User | khukuririmal (UID 80171) |
|---|
| Submitted | 2025-01-22 18:01 (1 year ago) |
|---|
| Moderation | 2025-01-29 18:12 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 294012 [CampCodes School Management Software 1.0 Staff /edit-staff/ privilege escalation] |
|---|
| Points | 20 |
|---|