Submission #846833: SourceCodester Multi-Vendor Online Grocery Management System 1.0 Improper Authorization (info)

Title: SourceCodester Multi-Vendor Online Grocery Management System 1.0 Improper Authorization
Description: A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. It has been classified as critical. The cancel_order() function in classes/Master.php accepts an order id from POST data and updates its status without verifying the order belongs to the current user. Any authenticated client can cancel any order in the system by supplying an arbitrary order ID.

POST /mvogms/classes/Master.php?f=cancel_order
id=2

Response: {"status":"success","msg":" Order has been cancelled successfully."}
Source: https://github.com/lee945/cve/issues/4
User: cHr1s (UID 98736)
Submitted: 2026-06-03 13:55 (1 month ago)
Moderation: 2026-07-04 06:59 (1 month later)
Status: Accepted
VulDB entry: 376289 [SourceCodester Multi-Vendor Online Grocery Management System 1.0 classes/Master.php cancel_order privilege escalation]
Points: 20
