CRMEB-KY Improper Authorization Vulnerability in User Address Management

Vulnerability

CRMEB versions through 5.6.1 contain an improper authorization flaw in the 'editAddress' function of 'app/services/user/UserAddressServices.php'. The function acts on the address record selected by the client-supplied 'id' parameter without confirming that the record belongs to the authenticated user, so it is an Insecure Direct Object Reference (IDOR) that gives any authenticated user horizontal privilege escalation over other users' address data. Because the check is missing server-side, the flaw is exploitable remotely by anyone holding a valid low-privileged account: supplying another user's address 'id' is enough to alter or remove that address.

Impact

An authenticated attacker can modify or delete addresses belonging to arbitrary other users. Beyond corrupting stored user data, this lets an attacker redirect where another customer's orders are shipped or remove their saved addresses, and the change is made through the normal API path, so it leaves no obvious trace beyond the affected record.

Reproduction

To reproduce, authenticate as an ordinary user and send a POST request to the '/api/address/edit' endpoint (JSON body) with the 'id' parameter set to an address ID owned by a different user, including the normal authorization headers for the attacker's session. The 'editAddress' function accepts the request as if the address belonged to the caller and applies the change. To confirm the impact rather than just the response code, use two test accounts: create an address as user A, note its ID, submit the edit as user B, then re-read the address as user A and verify that B's changes were stored.
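The following is an added illustration of the ownership-check pattern described in the Vulnerability and Reproduction sections above; it is not CRMEB code and does not use CRMEB's ORM or table layout. It models the address table with an in-memory SQLite database via PDO, places the vulnerable update (row selected by 'id' alone) beside a fixed version (row selected by 'id' and the authenticated 'uid'), and replays the two-account check from the reproduction steps. Table, column and function names here are assumptions chosen for the example.

```php
<?php
// Added example, not CRMEB's own code. Requires the pdo_sqlite extension.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_address (
    id     INTEGER PRIMARY KEY,
    uid    INTEGER NOT NULL,   -- owner of the address
    detail TEXT    NOT NULL
)');

// Constructed sample data: address 1 belongs to user 100 (victim),
// address 2 belongs to user 200 (attacker).
$db->exec("INSERT INTO user_address (id, uid, detail) VALUES
    (1, 100, 'Victim, 1 Main St'),
    (2, 200, 'Attacker, 2 High St')");

/**
 * Vulnerable pattern: the row is selected by the client-supplied id only.
 * $uid is the authenticated user but is never consulted, so the update lands
 * on whichever address id the request names. This is the IDOR.
 */
function editAddressVulnerable(PDO $db, int $uid, int $id, string $detail): bool
{
    $stmt = $db->prepare('UPDATE user_address SET detail = :detail WHERE id = :id');
    $stmt->execute([':detail' => $detail, ':id' => $id]);
    return $stmt->rowCount() === 1;
}

/**
 * Fixed pattern: the authenticated uid (taken from the session/token on the
 * server, never from the request body) is part of the WHERE clause, so an id
 * that belongs to someone else matches zero rows. The caller cannot tell
 * "not found" from "not yours", which is the intended behaviour.
 */
function editAddressFixed(PDO $db, int $uid, int $id, string $detail): bool
{
    $stmt = $db->prepare(
        'UPDATE user_address SET detail = :detail WHERE id = :id AND uid = :uid'
    );
    $stmt->execute([':detail' => $detail, ':id' => $id, ':uid' => $uid]);
    return $stmt->rowCount() === 1;   // 0 rows: reject the request (404/403)
}

/** Same ownership scoping applied to deletion. */
function deleteAddressFixed(PDO $db, int $uid, int $id): bool
{
    $stmt = $db->prepare('DELETE FROM user_address WHERE id = :id AND uid = :uid');
    $stmt->execute([':id' => $id, ':uid' => $uid]);
    return $stmt->rowCount() === 1;
}

function readDetail(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT detail FROM user_address WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['detail'];
}

// Replay of the two-account check: attacker (uid 200) targets address id 1.
$attackerUid = 200;
$victimAddressId = 1;

$accepted = editAddressVulnerable($db, $attackerUid, $victimAddressId, 'Attacker-controlled address');
printf("vulnerable edit accepted: %s, stored: %s\n",
    $accepted ? 'yes' : 'no', readDetail($db, $victimAddressId));

// Reset the record, then repeat against the fixed function.
$db->exec("UPDATE user_address SET detail = 'Victim, 1 Main St' WHERE id = 1");
$accepted = editAddressFixed($db, $attackerUid, $victimAddressId, 'Attacker-controlled address');
printf("fixed edit accepted: %s, stored: %s\n",
    $accepted ? 'yes' : 'no', readDetail($db, $victimAddressId));

// The owner can still edit and delete their own record through the fixed path.
printf("owner edit accepted: %s\n",
    editAddressFixed($db, 100, $victimAddressId, 'Victim, 3 New St') ? 'yes' : 'no');
printf("owner delete accepted: %s\n",
    deleteAddressFixed($db, 100, $victimAddressId) ? 'yes' : 'no');
```

When reviewing the real patch, the thing to check is that the uid in the WHERE clause (or in the pre-fetch that precedes the update) comes from the server-side session or token, not from a field in the JSON body; an ownership check that trusts a client-supplied 'uid' is just a second IDOR parameter.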

Added: Sep 14, 2025, 5:18 AM
Updated: Sep 14, 2025, 5:18 AM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 0.6
exploitability: 6.8
remediation: 7.7
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.