| Title | SourceCodester Pet Grooming Management Software 1.0 Improper Authorization |
|---|
| Description | The application fails to enforce server-side role-based access control on financial reporting endpoints. A low-privileged authenticated user can access and view sensitive financial data, including tax reports, profit reports, invoice details, and user reports. The system does not validate user role before rendering these pages. |
|---|
| Source | ⚠️ https://github.com/hiranerakkot/Pet-Grooming-Software/blob/main/Vulnerability_2.md |
|---|
| User | Hiran (UID 95719) |
|---|
| Submission | 02/25/2026 12:55 (2 months ago) |
|---|
| Moderation | 03/07/2026 19:11 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 349716 [SourceCodester Pet Grooming Management Software 1.0 Financial Report Page improper authorization] |
|---|
| Points | 18 |
|---|