## Lack of server side validation (An admin can delete his/her account by bypassing client side validation)
1. Log in to the application as admin.
2. Navigate to settings and create another user.
3. Now view the list of users; an admin can only delete other users' accounts, not his/her own.
4. Click on delete, intercept the request, and change the endpoint value to "1",
for example from "https://demo.livehelperchat.com/site_admin/user/delete/2/(csfr)/d2e8bf8a73d93418fd5874d7a512ad6d"
to "https://demo.livehelperchat.com/site_admin/user/delete/1/(csfr)/d2e8bf8a73d93418fd5874d7a512ad6d"
5. You will see that the user account gets deleted.
###### PS: I deleted the admin account during the testing
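
The server-side check that the steps above show to be missing, as an added example (not code from the report or from the livehelperchat project). The user store, session array and `handleUserDelete()` are hypothetical names constructed for illustration; only the URL shape is taken from the report.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory user table and the logged-in admin's session.
$users   = [1 => 'admin', 2 => 'operator'];
$session = ['user_id' => 1, 'csrf' => bin2hex(random_bytes(16))];

/**
 * Decide on the server whether a delete request may proceed.
 * Returns [httpStatus, message]; removes the user only when every check passes.
 */
function handleUserDelete(string $path, array $session, array &$users): array
{
    // Expected shape from the report: /site_admin/user/delete/<id>/(csfr)/<token>
    $pattern = '#^/site_admin/user/delete/(\d+)/\(csfr\)/([0-9a-f]+)$#';
    if (!preg_match($pattern, $path, $m)) {
        return [400, 'malformed request'];
    }
    $targetId = (int) $m[1];

    // Constant-time comparison of the anti-CSRF token bound to the session.
    if (!hash_equals($session['csrf'], $m[2])) {
        return [403, 'invalid token'];
    }
    // The rule the UI enforced only by not offering the delete button:
    // the id comes from the request, so it must be re-checked here.
    if ($targetId === (int) $session['user_id']) {
        return [403, 'cannot delete own account'];
    }
    if (!isset($users[$targetId])) {
        return [404, 'no such user'];
    }
    unset($users[$targetId]);
    return [200, 'deleted'];
}

// First the request with the id rewritten to the admin's own id, then the
// request the UI would normally send for the second user.
foreach ([1, 2] as $id) {
    $path = "/site_admin/user/delete/{$id}/(csfr)/{$session['csrf']}";
    [$status, $msg] = handleUserDelete($path, $session, $users);
    printf("delete/%d -> %d %s\n", $id, $status, $msg);
}
printf("remaining users: %s\n", implode(', ', $users));
```

The CSRF token is valid in both requests, which is why token validation alone does not stop the tampered id: the ownership rule has to be evaluated against the session on every request.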
{"id": "315DED12-0F9D-4F8C-8B43-1715109B0056", "vendorId": null, "type": "huntr", "bulletinFamily": "bugbounty", "title": " in livehelperchat/livehelperchat", "description": "## Lack of server side validation (An admin can delete his/her account by bypassing client side validation)\n\n1.Login in application as admin.\n\n2.Nagiate to settings and create another user.\n\n3.Now see the list of user, an admin can only delete other user account rather than his/her.\n\n4.Click on delete and intercept the request and change the endpoint value to \"1\"\n\nfor example \"https://demo.livehelperchat.com/site_admin/user/delete/2/(csfr)/d2e8bf8a73d93418fd5874d7a512ad6d\"\n\nto \"https://demo.livehelperchat.com/site_admin/user/delete/1/(csfr)/d2e8bf8a73d93418fd5874d7a512ad6d\"\n\n5.And you will see the user account will get deleted.\n\n\n###### PS: I deleted the admin account during the testing\n\n\n", "published": "2022-01-16T17:57:41", "modified": "2022-01-17T05:22:51", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.huntr.dev/bounties/315ded12-0f9d-4f8c-8b43-1715109b0056/", "reporter": "takester", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2022-03-30T11:08:03", "viewCount": 3, "enchantments": {"score": {"value": 0.8, "vector": "NONE"}, "vulnersScore": 0.8}, "_state": {"score": 1659858195, "dependencies": 1660012827, "epss": 1679179654}, "_internal": {"score_hash": "22294327ac7383e4b64edfbe5d62dc63"}, "status": "valid", "cwe_id": "1173", "repository": "https://github.com/livehelperchat/livehelperchat", "language": "PHP", "patch_commit_sha": "78413af0b2fdb2b8c3e7423ceb6bccab4fe27971"}