| 제목 | Code4Berry Decoration Management System 1.0 Improper Handling of Insufficient Permissions or Privileges |
|---|
| 설명 | A regular user can visit the endpoint /decoration/admin/user_permission.php and change the abilities delegated to each type of user, including themselves, admins or superadmins. By default, regular users only have permissions set to "Create Service", though they can add "Create User", "Delete User" and "Update Service" permissions to their own usertype, effectively making them equal to a superadmin. They can also remove all of these abilities from admins and superadmins.
|
|---|
| 사용자 | scumdestroy (UID 48934) |
|---|
| 제출 | 2024. 11. 12. AM 04:47 (1 년도 ago) |
|---|
| 모더레이션 | 2024. 11. 20. AM 09:11 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 285501 [Code4Berry Decoration Management System 1.0 User Permission user_permission.php 권한 상승] |
|---|
| 포인트들 | 17 |
|---|