| タイトル | Sanitization Management System v1.0 Insufficient Authorization Controls |
|---|
| 説明 | It was observed that Sanitization Management System v1.0 suffers from insufficient authorization controls whereby an unauthenticated attacker could perform sensitive actions by directly invoking the endpoints, thus gaining full control over the web application.
The following functions are affected and could directly be triggered without authentication:
1. creation, modification and deletion of privileged users
2. access to sensitive information such as inquiries and quote requests belonging to other customers
3. deletion and modification of company information
While user would require a valid session ID to access the administrative functions on the browser, it is possible to directly invoke the endpoints using Burpsuite and access the functions without a UI. |
|---|
| ユーザー | jiajian (UID 34329) |
|---|
| 送信 | 2022年10月23日 18:55 (3 年 ago) |
|---|
| モデレーション | 2022年10月24日 07:43 (13 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 212017 [SourceCodester Sanitization Management System 1.0 弱い認証] |
|---|
| ポイント | 17 |
|---|