Adarsh007

**Name of the Vulnerable Software and Affected Versions** SourceCodester Client Database Management System version 1.0 **Description** A flaw exists in SourceCodester Client Database Management System that allows improper authorization. The issue is related to the manipulation of the `manager id` argument in the `/fetch manager details.php` file. This manipulation occurs within an unknown function. The attack can be initiated remotely. The exploit has been published. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Client Database Management System version 1.0 **Description** The software contains a flaw related to improper authorization. A manipulation of the `user id` argument in the `/superadmin user delete.php` endpoint can lead to unauthorized access. The exploit has been published. **Recommendations** Apply any available updates to address the improper authorization issue in the `/superadmin user delete.php` endpoint. As a temporary workaround, restrict access to the `/superadmin user delete.php` endpoint. Avoid using the `user id` parameter in the `/superadmin user delete.php` endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Client Database Management System versions 1.0 through 3.1 **Description** A flaw exists in the Endpoint component of the software, specifically within the `/superadmin delete manager.php` file. Improper authorization can be triggered by manipulating the `manager id` argument. This allows for remote exploitation. The exploit has been publicly disclosed. **Recommendations** Versions prior to 1.0 and 3.1 are not affected. Versions 1.0 and 3.1: Address improper authorization by carefully validating the `manager id` argument in the `/superadmin delete manager.php` file.

**Name of the Vulnerable Software and Affected Versions** SourceCodester Client Database Management System version 1.0 **Description** An improper authorization issue exists in SourceCodester Client Database Management System version 1.0. The issue is related to an unknown function within the `/superadmin user update.php` file. This manipulation can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.