Submit #703879: haxxorsid stock-management-system 1.0 Improper Access Controlsinfo

Titlehaxxorsid stock-management-system 1.0 Improper Access Controls
Descriptionhaxxorsid/stock-management-system is an application developed based on MVC pattern, but the application only sets the permission control mechanism in the view layer, and does not set the permission control in the controller layer. As a result, unauthorized users can directly access controller's interface through apis to obtain sensitive application information or perform sensitive operations.
Source⚠️ https://github.com/ixpqxi/CVE_LIST/blob/master/stock_management_system/access_control_vulnerability.md
User
 ixpqxi (UID 83247)
Submission12/01/2025 03:57 (6 months ago)
Moderation12/12/2025 12:14 (11 days later)
StatusAccepted
VulDB entry336191 [haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0 /api/employees missing authentication]
Points19

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!