Description: Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.
Vulnerable Product Version: Book Store Management System v1.0
CVE Author: Geraldo Alcântara
Date: 29/11/2023
Confirmed on: 15/12/2023
CVE: CVE-2023-49543
Tested on: Windows
Impact: Unauthorized users can modify passwords and user attributes, leading to account takeover.
Unauthorized access to any page of the application and performing unrestricted actions is possible. You can simply access the "/bsms_ci/index.php/user" page and create, edit, or delete users, for example.
Discoverer(s)/Credits:
Geraldo Alcântara