PT-2022-20142 · Unknown · Oretnom23 Automotive Shop Management System
Published: 2022-05-26 · Updated: 2022-06-10 · CVE-2022-30495

| CVSS v3.1 | 9.8 (Critical) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
oretnom23 Automotive Shop Management System version 1.0
Description
The vulnerability is a Broken Access Control issue, specifically an Insecure Direct Object Reference (IDOR): the account whose password is changed is selected by the parameter named `id`, so an attacker can change the admin password and thereby perform vertical privilege escalation.

Recommendations
For oretnom23 Automotive Shop Management System version 1.0, consider restricting access to the parameter named `id` so that unauthorized changes to the admin password are prevented until a fix is available. As a temporary workaround, limit the ability to change the admin password to minimize the risk of exploitation.
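The recommendation above in code, as an added example that is not part of this advisory or of the Oretnom23 project: a PHP password-change handler in the IDOR form (the target account taken straight from the request) next to a hardened form that binds the target account to the authenticated session and lets only an administrator act on another account. The table and column names (`users`, `id`, `role`, `password`), the session keys (`user_id`, `role`), the function names and the demo data are all assumptions constructed for the example.

```php
<?php
declare(strict_types=1);

// Added example, not code from the Oretnom23 project. Names of the table,
// columns, session keys and functions are assumptions.

// Vulnerable pattern (IDOR): the account to update is chosen by the request's
// `id`, so any caller who submits the admin's id overwrites the admin password.
function change_password_vulnerable(PDO $pdo, array $post): bool
{
    $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
    return $stmt->execute([
        password_hash($post['password'], PASSWORD_DEFAULT),
        (int) $post['id'],
    ]);
}

// Hardened pattern: the target account is bound to the session. A non-admin
// who names any other account is rejected outright (an auditable event), and a
// self-service change must prove knowledge of the current password.
function change_password_secure(PDO $pdo, array $session, array $post): bool
{
    if (!isset($session['user_id'])) {
        return false;                                   // not authenticated
    }
    $actor   = (int) $session['user_id'];
    $isAdmin = ($session['role'] ?? '') === 'admin';
    $target  = isset($post['id']) ? (int) $post['id'] : $actor;

    if ($target !== $actor && !$isAdmin) {
        error_log("password change denied: user {$actor} targeted account {$target}");
        return false;                                   // ownership check failed
    }

    if ($target === $actor) {
        // Self-service: verify the current password before accepting a new one.
        $stmt = $pdo->prepare('SELECT password FROM users WHERE id = ?');
        $stmt->execute([$actor]);
        $hash = $stmt->fetchColumn();
        if ($hash === false || !password_verify((string) ($post['current_password'] ?? ''), $hash)) {
            return false;
        }
    }

    $new = (string) ($post['password'] ?? '');
    if (strlen($new) < 12) {
        return false;                                   // minimal length policy
    }
    $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE id = ?');
    return $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $target]);
}

// Self-contained demo on an in-memory SQLite database with constructed accounts.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, role TEXT, password TEXT)');
$ins = $pdo->prepare('INSERT INTO users (id, role, password) VALUES (?, ?, ?)');
$ins->execute([1, 'admin', password_hash('admin-original-pw', PASSWORD_DEFAULT)]);
$ins->execute([2, 'staff', password_hash('staff-original-pw', PASSWORD_DEFAULT)]);

$staff = ['user_id' => 2, 'role' => 'staff'];

// 1. A staff session naming the admin account (id=1) is rejected.
$denied = change_password_secure($pdo, $staff, [
    'id' => 1, 'current_password' => 'staff-original-pw', 'password' => 'new-password-123',
]);
printf("staff changing admin password accepted? %s\n", $denied ? 'yes' : 'no');   // no

// 2. The admin hash is untouched after the denied attempt.
$adminHash = $pdo->query('SELECT password FROM users WHERE id = 1')->fetchColumn();
printf("admin password still original? %s\n",
    password_verify('admin-original-pw', $adminHash) ? 'yes' : 'no');               // yes

// 3. Self-service change with the correct current password succeeds.
$ok = change_password_secure($pdo, $staff, [
    'current_password' => 'staff-original-pw', 'password' => 'new-password-123',
]);
printf("staff self-service change accepted? %s\n", $ok ? 'yes' : 'no');             // yes
```

The hardened handler rejects a mismatched `id` instead of silently ignoring it, so the denied attempt leaves a log line that a detection rule can pick up; the vulnerable function is kept only to show which check is missing and is never called in the demo.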
Affected Products
Oretnom23 Automotive Shop Management System