Submission #846833: SourceCodester Multi-Vendor Online Grocery Management System 1.0 Improper Authorization Info

Title: SourceCodester Multi-Vendor Online Grocery Management System 1.0 Improper Authorization
Description: A vulnerability was found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. It has been classified as critical. The cancel_order() function in classes/Master.php accepts an order id from POST data and updates its status without verifying the order belongs to the current user. Any authenticated client can cancel any order in the system by supplying an arbitrary order ID.

POST /mvogms/classes/Master.php?f=cancel_order
id=2

Response: {"status":"success","msg":" Order has been cancelled successfully."}
Source: https://github.com/lee945/cve/issues/4
User: cHr1s (UID 98736)
Submitted: 2026-06-03 13:55 (1 month ago)
Moderated: 2026-07-04 06:59 (1 month later)
Status: Accepted
VulDB entry: 376289 [SourceCodester Multi-Vendor Online Grocery Management System 1.0 classes/Master.php cancel_order privilege escalation]
Points: 20
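
The missing ownership check described above, shown beside a session-scoped fix. This is an added example, not code from the project or the submission; the table, column, status and function names are assumptions, and an in-memory SQLite database stands in for the application's database.

```php
<?php
// All table, column and status names below are assumptions for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE order_list (id INTEGER PRIMARY KEY, client_id INTEGER, status INTEGER)');
// Constructed sample data: order 1 belongs to client 10, order 2 to client 20.
$db->exec('INSERT INTO order_list VALUES (1, 10, 0), (2, 20, 0)');

const STATUS_CANCELLED = 5; // assumed status code

// Pattern the report describes: the posted id alone selects the row.
function cancel_order_unscoped(PDO $db, int $orderId): array
{
    $st = $db->prepare('UPDATE order_list SET status = ? WHERE id = ?');
    $st->execute([STATUS_CANCELLED, $orderId]);
    return ['status' => $st->rowCount() === 1 ? 'success' : 'failed'];
}

// Hardened form: the owner id comes from the server-side session, never from
// POST, and is part of the WHERE clause, so a foreign order matches zero rows.
function cancel_order_scoped(PDO $db, int $sessionClientId, int $orderId): array
{
    $st = $db->prepare(
        'UPDATE order_list SET status = ? WHERE id = ? AND client_id = ? AND status <> ?'
    );
    $st->execute([STATUS_CANCELLED, $orderId, $sessionClientId, STATUS_CANCELLED]);
    // Same answer for "not yours" and "does not exist", so ids cannot be probed.
    return ['status' => $st->rowCount() === 1 ? 'success' : 'failed'];
}

function order_status(PDO $db, int $orderId): int
{
    $st = $db->prepare('SELECT status FROM order_list WHERE id = ?');
    $st->execute([$orderId]);
    return (int) $st->fetchColumn();
}

// Client 10 is logged in and posts id=2, an order owned by client 20.
echo json_encode(cancel_order_scoped($db, 10, 2)), ' order 2 status=', order_status($db, 2), PHP_EOL;
// The same client cancelling its own order 1.
echo json_encode(cancel_order_scoped($db, 10, 1)), ' order 1 status=', order_status($db, 1), PHP_EOL;
// The unscoped variant accepts the foreign id regardless of who is logged in.
echo json_encode(cancel_order_unscoped($db, 2)), ' order 2 status=', order_status($db, 2), PHP_EOL;
```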
