Submission #846833: SourceCodester Multi-Vendor Online Grocery Management System 1.0 Improper Authorization

Info

Title: SourceCodester Multi-Vendor Online Grocery Management System 1.0 Improper Authorization
Description: A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. It has been classified as critical. The cancel_order() function in classes/Master.php accepts an order id from POST data and updates its status without verifying the order belongs to the current user. Any authenticated client can cancel any order in the system by supplying an arbitrary order ID.

    POST /mvogms/classes/Master.php?f=cancel_order
    id=2

    Response: {"status":"success","msg":" Order has been cancelled successfully."}
Source: https://github.com/lee945/cve/issues/4
User: cHr1s (UID 98736)
Submitted: 2026. 06. 03. PM 01:55 (1 month ago)
Moderation: 2026. 07. 04. AM 06:59 (1 month later)
Status: Accepted
VulDB entry: 376289 [SourceCodester Multi-Vendor Online Grocery Management System 1.0 classes/Master.php cancel_order privilege escalation]
Points: 20
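
Added example, not code from the submission or from the project: the missing ownership check described above, shown next to a version that binds the update to the session's client. The table layout, the column names, the status code, the session key and both function names are assumptions made for illustration.

```php
<?php
// Illustration only: schema and names are hypothetical, not the project's Master.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE order_list (id INTEGER PRIMARY KEY, client_id INTEGER, status INTEGER)');
// Constructed sample data: order 1 belongs to client 10, order 2 to client 20.
$db->exec('INSERT INTO order_list (id, client_id, status) VALUES (1, 10, 0), (2, 20, 0)');

const STATUS_CANCELLED = 5; // hypothetical status code

// Pattern the report describes: the posted order id is the only filter.
function cancel_order_unchecked(PDO $db, array $post): array {
    $stmt = $db->prepare('UPDATE order_list SET status = ? WHERE id = ?');
    $stmt->execute([STATUS_CANCELLED, (int)($post['id'] ?? 0)]);
    return ['status' => 'success'];
}

// Hardened: the owner is taken from server-side session state, never from the
// request, and is part of the WHERE clause so check and update are one statement.
function cancel_order_checked(PDO $db, array $post, array $session): array {
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    $clientId = $session['client_id'] ?? null;
    if ($id === false || $clientId === null) {
        return ['status' => 'failed', 'msg' => 'Invalid request.'];
    }
    $stmt = $db->prepare(
        'UPDATE order_list SET status = ? WHERE id = ? AND client_id = ?'
    );
    $stmt->execute([STATUS_CANCELLED, $id, $clientId]);
    if ($stmt->rowCount() !== 1) {
        // Same answer for a missing order and for someone else's order,
        // so the endpoint does not confirm which order ids exist.
        return ['status' => 'failed', 'msg' => 'Order not found.'];
    }
    return ['status' => 'success'];
}

function order_status(PDO $db, int $id): int {
    return (int)$db->query("SELECT status FROM order_list WHERE id = $id")->fetchColumn();
}

$session = ['client_id' => 10]; // logged-in client 10
$post    = ['id' => '2'];       // order 2 belongs to client 20

// Checked handler first: the foreign order must stay untouched.
echo json_encode(cancel_order_checked($db, $post, $session)), ' status=', order_status($db, 2), "\n";
// Unchecked handler: the same request changes another client's order.
echo json_encode(cancel_order_unchecked($db, $post)), ' status=', order_status($db, 2), "\n";
```

The same ownership predicate belongs on every other handler that takes an order id from the request; a regression test that replays a cross-account id against each one catches the pattern early.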
