| Title | Best Fee Management System Improper Access Control vulnerable leads to system takeover |
|---|
| Description | An Attacker without access to the system can add himself/herself as the system administrator, attacker can then manipulate system data. In admin_class.php file
the save_user function lacks of acess check.
Vendor
SourceCodester
Version
The software is unversioned as of now (2023/7/10). Below is the tested version download link.
https://www.sourcecodester.com/sites/default/files/download/mayuri_k/click_fees_0.zip |
|---|
| Source | ⚠️ https://github.com/movonow/demo/edit/main/click_fees.md |
|---|
| User | zhangguohu (UID 30684) |
|---|
| Submission | 07/10/2023 16:09 (3 years ago) |
|---|
| Moderation | 07/10/2023 19:16 (3 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 233450 [SourceCodester Best Fee Management System 1.0 Add User admin_class.php save_user access control] |
|---|
| Points | 20 |
|---|