Authored by Akash Pandey

Lost and Found Information System version 1.0 allows a staff level user to adjust administrative controls.


Vulnerability: Broken Access Control
Author: Akash Pandey
CVE: CVE-2023-3018

*Steps to reproduce*:

1. Go to as staff user.

2. Notice that as a staff user I am able to access admin functionalities.

3. Now, as a staff user, I am able to edit the admin user’s password.
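The advisory does not show the affected code. As an added illustration (not code from the Lost and Found Information System), the sketch below puts a password-update handler with no role check beside one that authorizes on the server, so that the action in step 3 is rejected. The role names, the `User` record and all function names are assumptions.

```python
# Added illustration with hypothetical names; not the application's code.
from dataclasses import dataclass

ADMIN, STAFF = "admin", "staff"  # assumed role names


@dataclass
class User:
    id: int
    role: str
    password_hash: str


class Forbidden(Exception):
    """Raised when the caller's role does not permit the action."""


# Constructed sample accounts.
USERS = {
    1: User(1, ADMIN, "hash-admin"),
    2: User(2, STAFF, "hash-staff"),
    3: User(3, STAFF, "hash-staff-2"),
}


def may_edit_password(actor: User, target: User) -> bool:
    """Policy: admins may edit anyone; staff may edit only themselves."""
    if actor.role == ADMIN:
        return True
    return actor.id == target.id


def update_password_unchecked(actor_id: int, target_id: int, new_hash: str) -> None:
    """Assumed shape of the flaw: any logged-in user can update any account."""
    USERS[target_id].password_hash = new_hash


def update_password(actor_id: int, target_id: int, new_hash: str) -> None:
    """Hardened form: actor_id comes from the server-side session and is
    authorized against the target before anything is written."""
    actor, target = USERS[actor_id], USERS[target_id]
    if not may_edit_password(actor, target):
        raise Forbidden(f"user {actor.id} ({actor.role}) may not edit user {target.id}")
    target.password_hash = new_hash
```

Hiding admin menu entries from staff in the interface is not a substitute for this check; every admin-only handler needs the same server-side decision.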