| Field | Value |
|---|---|
| Title | SourceCodester Invoice-System 1.0 Broken Access Control |
| Description | Vulnerable Endpoint: /home.php, /category.php, /state.php, /cpyprofile.php<br>Vulnerability Description: Several pages intended for administrative use are protected only by navigation logic. The backend checks only for a valid session, not for an administrative role, and enables inline editing for customers, categories, states, and company profile data. Any authenticated user can access these endpoints directly and alter core business records. |
| Source | https://gist.github.com/c4ttr4ck/db84fc2af3e542acf1eab685264bcfc1 |
| User | c4ttr4ck (UID 75518) |
| Submitted | 2026-04-26 23:13 (1 month ago) |
| Moderation | 2026-05-24 08:38 (27 days later) |
| Status | Accepted |
| VulDB Entry | 365393 [SourceCodester Indian Invoicing System 1.0 Backend Endpoint privilege escalation] |
| Points | 20 |