Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation

🗓️ 31 May 2023 00:00:00Reported by Akash PandeyType

packetstorm🔗 packetstormsecurity.com👁 295 Views

Lost And Found Information System 1.0 Broken Access Contro

Reporter	Title	Published	Views	Family All 12
0day.today	Lost And Found Information System 1.0 Broken Access Control / Privilege Escalation Vulnerability	31 May 202300:00	–	zdt
CNNVD	Lost and Found Information System 访问控制错误漏洞	31 May 202300:00	–	cnnvd
CVE	CVE-2023-3018	31 May 202314:31	–	cve
CVE	CVE-2023-977966	20 Dec 202300:00	–	cve
Cvelist	CVE-2023-3018 SourceCodester Lost and Found Information System access control	31 May 202314:31	–	cvelist
EUVD	EUVD-2023-43710	3 Oct 202520:07	–	euvd
NVD	CVE-2023-3018	31 May 202315:15	–	nvd
OSV	CVE-2023-3018	31 May 202315:15	–	osv
Prion	Improper access control	31 May 202315:15	–	prion
Positive Technologies	PT-2023-22568 · Sourcecodester · Sourcecodester Lost/Found Information System	31 May 202300:00	–	ptsecurity

`Vulnerability: Broken Access Control  
Author: Akash Pandey  
CVE: CVE-2023-3018  
Source:  
https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html  
  
*Steps to re-produce*:  
  
1. Go to https://site.com/admin/?page=user/list as staff user.  
  
2. Notice that as a staff user I am able to access admin functionalities.  
  
3. Now as a staff I am able to edit admin user’s password  
  
POC:  
  
https://medium.com/@akashpandey380/lost-and-found-information-system-v1-0-idor-cve-2023-977966c4450d  
`

31 May 2023 00:00Current

7.1High risk

Vulners AI Score7.1

EPSS0.00259