PHPGurukul Small CRM
cpe:2.3:a:phpgurukul:small_crm:*:*:*:*:*:*:*
Affected versions: <= 4.0
A critical vulnerability exists in PHPGurukul Small CRM version 4.0, specifically within the admin user edit function. This vulnerability arises from a lack of proper authorization checks, allowing authenticated users to access administrative features by simply navigating to relevant admin URLs. The absence of role verification enables unauthorized access to sensitive data and administrative functions, facilitating a complete privilege escalation. Exploitation of this vulnerability could lead to unauthorized modifications of user data and a compromise of the entire system.
Exploitation allows authenticated users with low-level privileges to gain full administrative access, view and modify all user data, escalate privileges, and compromise the entire system.
To reproduce this vulnerability, log in as a regular user and navigate to the admin edit user page. The application will display the admin content without any role verification, granting full administrative capabilities. Alternatively, this vulnerability can be exploited by intercepting and modifying the request to include admin URLs, such as '/crm/admin/home.php' or '/crm/admin/edit-user.php'.
It is recommended to implement role-based access control by verifying user roles before granting access to administrative functions. Additionally, user roles should be stored in the session during authentication and a centralized authorization function should be used to apply the principle of least privilege.
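A centralized, deny-by-default gate of the kind recommended above, written here as an added PHP example (not code from PHPGurukul Small CRM); the file name auth.php, the role constants, the function names and the log format are assumptions, and the usage shown for admin/edit-user.php applies equally to every other admin/*.php script:

```php
<?php
// auth.php -- hypothetical centralized authorization helper (example code,
// not part of PHPGurukul Small CRM). Included at the top of every admin
// script, before any output, database work or form handling.

declare(strict_types=1);

const ROLE_USER  = 'user';
const ROLE_ADMIN = 'admin';

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Called once at login, after the credentials have been verified against the
// database. The role comes from the server-side user record, never from the
// request, and the session id is rotated to prevent session fixation.
function login_session(int $userId, string $role): void
{
    session_regenerate_id(true);
    $_SESSION['uid']  = $userId;
    $_SESSION['role'] = $role;
}

// Deny-by-default gate: anything other than an explicit, matching role in
// the session ends the request. Because it runs before the script handles
// either the page view or the POSTed edit form, a direct or replayed request
// to an admin URL is refused the same way. Denials are logged so that a
// low-privilege account probing admin URLs shows up in monitoring.
function require_role(string $required): void
{
    $role = $_SESSION['role'] ?? null;
    $uid  = $_SESSION['uid']  ?? 'anonymous';
    if ($role !== $required) {
        error_log(sprintf('authz denied: uid=%s role=%s required=%s path=%s',
            $uid, $role ?? 'none', $required, $_SERVER['REQUEST_URI'] ?? '?'));
        http_response_code(403);
        exit('Forbidden');
    }
}

// Usage at the very top of admin/edit-user.php (and every admin/*.php):
//   require_once __DIR__ . '/../auth.php';
//   require_role(ROLE_ADMIN);
//   ... only now load the user record and render the admin content ...
```

The gate must be present in each admin script rather than only on the admin menu page, since the reproduction steps above show that scripts such as edit-user.php are reachable directly.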