| Title | Best Fee Management System Improper Access Control vulnerability leads to system takeover |
|---|---|
| Description | An attacker without access to the system can add himself/herself as the system administrator; the attacker can then manipulate system data. In the admin_class.php file, the save_user function lacks an access check. Vendor: SourceCodester. Version: The software is unversioned as of now (2023/7/10). Below is the tested version download link: https://www.sourcecodester.com/sites/default/files/download/mayuri_k/click_fees_0.zip |
| Source | https://github.com/movonow/demo/edit/main/click_fees.md |
| User | zhangguohu (UID 30684) |
| Submission | 2023-07-10 04:09 PM (3 years ago) |
| Moderation | 2023-07-10 07:16 PM (3 hours later) |
| Status | Accepted |
| VulDB Entry | 233450 [SourceCodester Best Fee Management System 1.0 Add User admin_class.php save_user privilege escalation] |
| Points | 20 |