History: Jun 05, 2023 - 6:07 a.m.

We can still send the photo as a greeting card even when the album is locked

Published: 2023-06-05 06:07:05
Reporter: lujiefsi
Source: www.huntr.dev
6
Tags: unauthorized access, photo sharing, security vulnerability, user manipulation

EPSS: 0.001 (Low), Percentile: 23.5%

1. The admin creates an album and uploads a photo.

2. member-1 logs in and sends the photo as a greeting card to member-2.

3. member-1 uses Burp Suite to capture the request, which looks like this:

POST /adm_program/modules/ecards/ecard_send.php HTTP/1.1
....
admidio-csrf-token=5MWloNNqzipYc1YKQVvW2pDMkSBmn7&submit_action=&photo_uuid=bb7538ba-6d68-443d-b769-dddac4aa3021&photo_nr=1&ecard_template=postcard.tpl&ecard_recipients%5B%5D=4&ecard_message=%3Cp%3Etest%3C%2Fp%3E%0D%0A&btn_ecard_submit=

4. The admin locks the album. The album is now marked "currently locked and will not be shown to visitors for this reason".

5. However, member-1 replays the captured request and finds that the photo is still sent successfully: the ecard endpoint does not re-check the album's lock state on each request.
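The root cause is that the send action trusts that the photo was visible when the form was rendered, instead of re-checking the album's state when the request arrives. The following is an added illustration (not Admidio's code) of a minimal ecard handler in its vulnerable and hardened forms; the data model, the `is_photo_admin` flag and the rule that only photo admins may use a locked album are assumptions for the example.

```python
from dataclasses import dataclass


@dataclass
class Album:
    uuid: str
    locked: bool = False  # set by the admin in step 4 of the report


@dataclass
class Photo:
    uuid: str
    album_uuid: str


@dataclass
class User:
    user_id: int
    is_photo_admin: bool = False  # assumption: admins may still see locked albums


class Forbidden(Exception):
    """Raised when the requester is not allowed to use the photo."""


class PhotoStore:
    def __init__(self):
        self.albums: dict[str, Album] = {}
        self.photos: dict[str, Photo] = {}


def send_ecard_vulnerable(store, sender, photo_uuid, recipients):
    # Only verifies that the photo exists. A request captured before the
    # album was locked can be replayed afterwards and still succeeds.
    if photo_uuid not in store.photos:
        raise LookupError("unknown photo")
    return {"photo": photo_uuid, "recipients": list(recipients)}


def can_view_album(album, user):
    # Authorisation is evaluated against the album's *current* state.
    return (not album.locked) or user.is_photo_admin


def send_ecard_hardened(store, sender, photo_uuid, recipients):
    # Re-derive the album from the photo and check it on every request,
    # so hiding the album in the UI is not the only control.
    photo = store.photos.get(photo_uuid)
    if photo is None:
        raise LookupError("unknown photo")
    if not can_view_album(store.albums[photo.album_uuid], sender):
        raise Forbidden("album is locked for this user")
    return {"photo": photo_uuid, "recipients": list(recipients)}
```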
