CodeAstro Complaint Management System Privilege Escalation Vulnerability Allowing Unauthorized Deletion of Complaints

Vulnerability

A vulnerability in CodeAstro Complaint Management System version 1.0 allows unauthorized deletion of complaints through improper access control in the /admin/m_delete.php endpoint. Because the endpoint performs no session or privilege check, an attacker can supply arbitrary values for the id parameter and delete any complaint without a valid session or any privileges.
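The missing control described above is the absence of any authorization check before the delete runs. The following is an added illustration of what a hardened admin-only delete handler looks like; it is not the project's own m_delete.php, and the session key (admin_id), the CSRF token name, the db.php include that defines $pdo, and the complaints table and column names are all assumptions.

```php
<?php
// Added example, not CodeAstro's code. Session keys, table/column names and the
// db.php include (assumed to define a PDO connection in $pdo) are assumptions.
session_start();
require __DIR__ . '/../db.php';

// 1. Deny anything that is not an authenticated admin session before doing work.
if (empty($_SESSION['admin_id'])) {
    http_response_code(403);
    exit('Forbidden');
}

// 2. Only accept the state-changing request over POST, bound to a per-session CSRF token.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['csrf_token'], $_SESSION['csrf_token'])
    || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
    http_response_code(403);
    exit('Forbidden');
}

// 3. Validate id as a positive integer instead of trusting the raw parameter.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Bad request');
}

// 4. Delete with a prepared statement so the id can never be interpreted as SQL.
$stmt = $pdo->prepare('DELETE FROM complaints WHERE id = :id');
$stmt->execute([':id' => $id]);

// 5. Record who deleted what, so unexpected mass deletion leaves an audit trail.
error_log(sprintf('admin %d deleted complaint %d (rows=%d) from %s',
    $_SESSION['admin_id'], $id, $stmt->rowCount(), $_SERVER['REMOTE_ADDR'] ?? 'unknown'));

header('Location: /admin/complaints.php');
exit;
```

The ordering matters: the session check runs first so that an unauthenticated request never reaches the database at all, and the POST-plus-CSRF requirement means a bare GET with an id parameter, which is what the advisory describes, is rejected before any deletion logic.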

Impact

Exploitation of this vulnerability leads to unauthorized mass deletion of complaints.

Reproduction

To reproduce this vulnerability, access the admin directory to find the m_delete.php endpoint. Once located, modify the id parameter with different values to delete complaints. This can be done without any authentication or authorization, as the endpoint lacks proper access controls. Tools like Burp Suite or OWASP ZAP can be used to automate the discovery of the id parameter.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          0.8
impact          0.6
exploitability  9.5
remediation     0.0
relevance       0.0
threat          6.5
urgency         2.9
incentive       10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.