| Title | SOURCECODESTER Auto Dealer Management System 1.0 / list.php , manage_user.php Broken Access Control Vulnerability |
|---|
| Description | Auto Dealer Management System list.php and manage_user.php have a broken access control vulnerability, which could allow a low-privileged user to change any user's password. |
|---|

Vendor Homepage: https://www.sourcecodester.com
Software Link: Auto Dealer Management System (https://www.sourcecodester.com/php/15371/auto-dealer-management-system-phpoop-free-source-code.html)
Version: v1.0
Affected Pages: list.php, manage_user.php

On these pages the application does not verify the user's authorization. As a result, every parameter is exposed to broken access control: a low-privileged user can view the list of users and change any user's password, then access that account.

Description: Broken access control allows a low-privileged attacker to change the password of every application user.

Proof of Concept:
- Visit the vulnerable page: ?page=user/list
- Click on Action and Edit the password of Admin
- Update the Password and Submit
- Password successfully changed

Recommendation: Whoever uses this CMS should add an authorization check at the top of the list.php and manage_user.php pages, as required by the application's roles, to prevent a Broken Access Control attack.
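One way to implement the recommended check, as an added example that is not the project's own code: a server-side guard included at the top of list.php and manage_user.php, before any output, so that only administrators can list users and a non-admin can only edit their own record. The session layout (`$_SESSION['userdata']` with `id` and `type`, where type 1 is administrator), the `id` request parameter and the function names are assumptions.

```php
<?php
// Added example: authorization guard for list.php and manage_user.php.
// Not the project's code; the session layout ($_SESSION['userdata'] with
// 'id' and 'type', type 1 = administrator) and the 'id' GET parameter are
// assumptions about the application.
declare(strict_types=1);

const ROLE_ADMIN = 1;

/**
 * Decide whether the current session may perform the requested action.
 *   list: only administrators may view the user list
 *   edit: administrators may edit anyone; other users only their own record
 * Pure function, so it can be unit-tested without a web server.
 */
function authorize_user_page(?array $user, string $action, ?int $targetId = null): bool
{
    if ($user === null || !isset($user['id'], $user['type'])) {
        return false;                       // not logged in
    }
    if ((int)$user['type'] === ROLE_ADMIN) {
        return true;                        // administrator: full access
    }
    // Low-privileged user: never the list, and only their own record on edit.
    return $action === 'edit' && $targetId !== null && $targetId === (int)$user['id'];
}

/** Enforcement placed at the top of the page, before any HTML is sent. */
function require_user_page_access(string $action): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $user = $_SESSION['userdata'] ?? null;
    // Id of the account being edited (manage_user.php); absent on list.php.
    $targetId = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : null;
    if ($targetId === false) {
        $targetId = null;                   // non-numeric id: treat as no target
    }
    if (!authorize_user_page($user, $action, $targetId)) {
        // Log the denial so repeated attempts show up in server logs.
        error_log(sprintf('denied %s on user page: session user %s, target %s',
            $action, $user['id'] ?? 'anon', $targetId ?? '-'));
        http_response_code(403);
        exit('Access denied.');
    }
}

// list.php:        require_user_page_access('list');
// manage_user.php: require_user_page_access('edit');
```

Guarding the page templates alone is not enough: the same check must run in the backend code that actually saves the new password (the VulDB entry points at /adms/classes/Users.php), because the edit form is only the UI in front of that handler.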
| Source | https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Auto%20Dealer%20Management%20System%20-%20Broken%20Access%20Control.md |
|---|
| User | navaidansari (UID 41266) |
|---|
| Submission | 02/18/2023 20:48 (3 years ago) |
|---|
| Moderation | 02/19/2023 09:10 (12 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 221491 [SourceCodester Auto Dealer Management System 1.0 /adms/classes/Users.php access control] |
|---|
| Points | 20 |
|---|