| Título | SourceCodester Pet Grooming Management Software 1.0 Improper Authorization |
|---|
| Descrição | The application does not enforce proper server-side role validation on the add_user.php endpoint. A low-privileged authenticated user can directly access the user creation page and successfully create new standard user accounts. The system fails to verify whether the authenticated session has administrative privileges before processing the request. Although administrator accounts cannot be created, unauthorized user creation is still permitted. |
|---|
| Fonte | ⚠️ https://github.com/hiranerakkot/Pet-Grooming-Software/blob/main/Vulnerability_1.md |
|---|
| Utilizador | Hiran (UID 95719) |
|---|
| Submissão | 25/02/2026 12h52 (há 2 meses) |
|---|
| Moderação | 07/03/2026 19h11 (10 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 349715 [SourceCodester Pet Grooming Management Software 1.0 User Creation add_user.php Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|