| Field | Value |
|---|---|
| Title | SourceCodester Invoice-System 1.0 Broken Access Control |
| Description | Vulnerable Endpoint: /home.php, /category.php, /state.php, /cpyprofile.php<br>Vulnerability Description: Several pages intended for administrative use are protected only by navigation logic. The backend checks only for a valid session, not for an administrative role, and enables inline editing for customers, categories, states, and company profile data. Any authenticated user can access these endpoints directly and alter core business records. |
| Source | https://gist.github.com/c4ttr4ck/db84fc2af3e542acf1eab685264bcfc1 |
| User | c4ttr4ck (UID 75518) |
| Submission | 26.04.2026 23:13 (1 month ago) |
| Moderation | 24.05.2026 08:38 (27 days later) |
| Status | accepted |
| VulDB Entry | 365393 [SourceCodester Indian Invoicing System 1.0 Backend Endpoint privilege escalation] |
| Points | 20 |