Submeter #758333: Indotalent Asp.Net-Core-Inventory-Order-Management-System v9.20250118 Improper Access Controlsinformação

TítuloIndotalent Asp.Net-Core-Inventory-Order-Management-System v9.20250118 Improper Access Controls
DescriçãoA broken access control vulnerability in Asp.Net-Core-Inventory-Order-Management-System v9.20250118 and earlier allows a low-privileged authenticated user to obtain full administrative access. The application renders privileged administrative content before authorization enforcement and relies solely on a client-side redirect to restrict access. By interrupting or bypassing the redirect (e.g., via browser navigation controls or developer-tool debugger pause), an attacker can access a fully functional administrative interface and perform privileged operations including user enumeration, account modification, and password reset, resulting in complete application compromise.
Fonte⚠️ https://github.com/Ghufran2/CVE-Asp.Net-Core-Inventory-Order-Management-System-Advisories/blob/main/Asp.Net-Core-Inventory-Order-Management-System%20Privilege%20Escalation%20via%20Client-Side%20Redirect%20Bypass.md
Utilizador
 Ghufran Khan (UID 95493)
Submissão14/02/2026 15h09 (há 2 meses)
Moderação26/02/2026 15h39 (12 days later)
EstadoAceite
Entrada VulDB347985 [go2ismail Asp.Net-Core-Inventory-Order-Management-System até 9.20250118 Administrative Interface Redirect]
Pontos20

VoltarVisão GeralPróximo

Want to know what is going to be exploited?

We predict KEV entries!