PT-2022-12553 · Unknown · Sourcecodester Vehicle Service Management System

P.L. Sanu · Published 2022-01-06 · Updated 2022-07-12 · CVE-2021-46075

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sourcecodester Vehicle Service Management System version 1.0

Description

A Privilege Escalation issue exists, allowing staff account users to access admin resources and perform CRUD operations.

Recommendations

For Sourcecodester Vehicle Service Management System version 1.0, consider restricting access to admin resources to prevent unauthorized CRUD operations until a patch is available. As a temporary workaround, limit the privileges of staff account users to minimize the risk of exploitation.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2021-46075

Affected Products

Sourcecodester Vehicle Service Management System