| Título | Code4Berry Decoration Management System 1.0 Improper Handling of Insufficient Permissions or Privileges |
|---|
| Descrição | A regular user can visit the endpoint /decoration/admin/user_permission.php and change the abilities delegated to each type of user, including themselves, admins or superadmins. By default, regular users only have permissions set to "Create Service", though they can add "Create User", "Delete User" and "Update Service" permissions to their own usertype, effectively making them equal to a superadmin. They can also remove all of these abilities from admins and superadmins.
|
|---|
| Utilizador | scumdestroy (UID 48934) |
|---|
| Submissão | 12/11/2024 04h47 (há 1 Ano) |
|---|
| Moderação | 20/11/2024 09h11 (8 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 285501 [Code4Berry Decoration Management System 1.0 User Permission user_permission.php Elevação de Privilégios] |
|---|
| Pontos | 17 |
|---|