Home Tools Exploits & CVE's Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation

Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation

June 1, 2023

481

Lost and Found Information System version 1.0 allows a staff level user to adjust administrative controls.

advisories | CVE-2023-3018

Vulnerability: Broken Access Control
Author: Akash Pandey
CVE: CVE-2023-3018
Source:
https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html

*Steps to re-produce*:

1. Go to https://site.com/admin/?page=user/list as staff user.

2. Notice that as a staff user I am able to access admin functionalities.

3. Now as a staff I am able to edit admin user’s password

POC:

https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-idor-cve-2023-977966c4450d

Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation

Follow us on Instagram @thecyberpost

EDITOR PICKS

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

Gambio Online Webshop 4.9.2.0 Remote Code Execution

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

GNOME Files 43.4 Privilege Escalation

HP OfficeJet 4630/7110 MYM1FN2025AR 2117A Cross Site Scripting

BuilderOrcus Insecure Permissions