Submit #846833: SourceCodester Multi-Vendor Online Grocery Management System 1.0 Improper Authorization

Title: SourceCodester Multi-Vendor Online Grocery Management System 1.0 Improper Authorization
Description: A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. It has been classified as critical. The cancel_order() function in classes/Master.php accepts an order id from POST data and updates its status without verifying the order belongs to the current user. Any authenticated client can cancel any order in the system by supplying an arbitrary order ID.

    POST /mvogms/classes/Master.php?f=cancel_order
    id=2

    Response: {"status":"success","msg":" Order has been cancelled successfully."}

Source: https://github.com/lee945/cve/issues/4
User: cHr1s (UID 98736)
Submission: 03/06/2026 13:55 (1 month ago)
Moderation: 04/07/2026 06:59 (1 month later)
Status: Accepted
VulDB Entry: 376289 [SourceCodester Multi-Vendor Online Grocery Management System 1.0 classes/Master.php cancel_order privilege escalation]
Points: 20
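
The missing ownership check described above, shown next to a corrected form. This is an added example, not code from the project or from the submitter: the table `order_list`, its columns, the status code and both function names are assumptions, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);
// Added illustration. Schema (order_list: id, client_id, status), the status
// code and the function names are assumptions, not the project's Master.php.

const STATUS_CANCELLED = 5; // hypothetical status code

// Pattern from the report: the order id from the request alone selects the row.
function cancel_order_unchecked(PDO $db, int $orderId): bool
{
    $stmt = $db->prepare('UPDATE order_list SET status = ? WHERE id = ?');
    $stmt->execute([STATUS_CANCELLED, $orderId]);
    return $stmt->rowCount() === 1;
}

// Corrected pattern: the owner is taken from the server-side session, never
// from POST data, and is part of the WHERE clause, so an order id belonging
// to another client matches no row and nothing is updated.
function cancel_order_owned(PDO $db, int $sessionClientId, int $orderId): bool
{
    $stmt = $db->prepare(
        'UPDATE order_list SET status = ? WHERE id = ? AND client_id = ?'
    );
    $stmt->execute([STATUS_CANCELLED, $orderId, $sessionClientId]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data: order 1 belongs to client 10, order 2 to client 20.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE order_list (id INTEGER PRIMARY KEY, client_id INTEGER, status INTEGER)');
$db->exec('INSERT INTO order_list VALUES (1, 10, 0), (2, 20, 0)');

// The logged-in client is 10; the request body carries id=2, then id=1.
$sessionClientId = 10;
foreach ([2, 1] as $orderId) {
    $ok = cancel_order_owned($db, $sessionClientId, $orderId);
    printf("owned check: client %d, order %d: %s\n",
        $sessionClientId, $orderId, $ok ? 'cancelled' : 'refused');
    if (!$ok) {
        // A refusal on an existing order id is worth logging for detection.
        error_log("cancel_order refused: client $sessionClientId, order $orderId");
    }
}

// The unchecked form accepts the same foreign id without question.
printf("unchecked: order 2: %s\n",
    cancel_order_unchecked($db, 2) ? 'cancelled' : 'refused');
```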
