| Название | Best Fee Management System Improper Access Control vulnerable leads to system takeover |
|---|
| Описание | An Attacker without access to the system can add himself/herself as the system administrator, attacker can then manipulate system data. In admin_class.php file
the save_user function lacks of acess check.
Vendor
SourceCodester
Version
The software is unversioned as of now (2023/7/10). Below is the tested version download link.
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/click_fees_0.zip |
|---|
| Источник | ⚠️ https://github.com/movonow/demo/edit/main/click_fees.md |
|---|
| Пользователь | zhangguohu (UID 30684) |
|---|
| Представление | 10.07.2023 16:09 (3 лет назад) |
|---|
| Модерация | 10.07.2023 19:16 (3 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 233450 [SourceCodester Best Fee Management System 1.0 Add User admin_class.php save_user эскалация привилегий] |
|---|
| Баллы | 20 |
|---|