| Title | Sourcecodester Employee Management System 1.0 Broken Access Control |
|---|---|
| Description | Multiple authenticated broken access control. Only administrators are allowed to decline or approve a leave request, but due to weak security measures implemented I was able to decline and accept a request for leave as an employee user. |
| Source | https://github.com/jomskiller/Employee-Managemet-System---Broken-Access-Control |
| User | jomskiller (UID 62271) |
| Submission | 01/25/2024 04:42 (2 years ago) |
| Moderation | 01/29/2024 08:15 (4 days later) |
| Status | Accepted |
| VulDB entry | 252280 [SourceCodester Employee Management System 1.0 Leave delete-leave.php ID access control] |
| Points | 16 |