Tutorials-Website Employee Management System IDOR Vulnerability in Update User Admin Privilege Escalation

Vulnerability

A critical Insecure Direct Object Reference (IDOR) vulnerability has been identified in Tutorials-Website Employee Management System version 1.0. The issue resides in the admin/update-user.php file, which performs no authorization check before processing an update request, so a remote attacker can modify the record of any user simply by supplying that user's ID. This allows unauthorized access, data manipulation, account takeover, and privilege escalation, since the attacker can change a target user's role or password.

Impact

Exploitation of this vulnerability could result in unauthorized access to admin and employee accounts, allowing attackers to modify tasks, verification information, and leave data. Such actions could disrupt company operations and damage its reputation.

Reproduction

To reproduce this vulnerability, request the /admin/update-user.php endpoint without any administrative privileges. The vulnerable file does not verify that the caller is an administrator, so an unauthorized user can submit an update request containing a target user ID and the fields to change. Setting the user ID parameter to that of an existing account allows the attacker to escalate privileges (for example, by changing that account's role to administrator) or to take over the account by replacing its password.
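The handler shape the advisory describes, beside a hardened version, as an added illustration that is not code from the Tutorials-Website project. The table and column names (users, id, role, password), the request field names, and the session keys (user_id, role) are assumptions; the advisory does not name them. The demo data is constructed and lives in an in-memory SQLite database so the script runs offline.

```php
<?php
// Added example for this advisory; not the project's own update-user.php.
// Assumed: a `users` table (id, username, role, password), request fields
// id/role/password, and a session carrying user_id and role.
declare(strict_types=1);

final class HttpError extends RuntimeException {}

// Vulnerable shape of the handler: whoever reaches the file may rewrite any
// row, because the target row comes only from the client-supplied id and
// neither login nor role is checked.
function update_user_vulnerable(PDO $pdo, array $post): void
{
    $stmt = $pdo->prepare('UPDATE users SET role = ?, password = ? WHERE id = ?');
    $stmt->execute([$post['role'], $post['password'], $post['id']]);
}

// Hardened handler: authenticate, authorize from server-side session state
// (never from the request), validate the object reference and the new values,
// and store only a password hash.
function update_user_hardened(PDO $pdo, array $session, array $post): void
{
    if (empty($session['user_id'])) {
        throw new HttpError('login required', 401);
    }
    if (($session['role'] ?? '') !== 'admin') {
        throw new HttpError('administrator role required', 403);
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new HttpError('invalid user id', 400);
    }
    if (!in_array($post['role'] ?? '', ['admin', 'employee'], true)) {
        throw new HttpError('invalid role', 400);
    }
    if (strlen($post['password'] ?? '') < 8) {
        throw new HttpError('password too short', 400);
    }
    $hash = password_hash($post['password'], PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('UPDATE users SET role = ?, password = ? WHERE id = ?');
    $stmt->execute([$post['role'], $hash, $id]);
    if ($stmt->rowCount() !== 1) {
        throw new HttpError('no such user', 404);
    }
}

// Demo against constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT, password TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'admin', 'admin', 'x'), (2, 'alice', 'employee', 'y')");

// The request an attacker would send: no session, a victim's id, and an admin role.
$attack    = ['id' => '2', 'role' => 'admin', 'password' => 'attacker-chosen'];
$noSession = [];

update_user_vulnerable($pdo, $attack);
echo 'vulnerable: alice is now ', $pdo->query('SELECT role FROM users WHERE id = 2')->fetchColumn(), PHP_EOL;

$pdo->exec("UPDATE users SET role = 'employee' WHERE id = 2");
try {
    update_user_hardened($pdo, $noSession, $attack);
} catch (HttpError $e) {
    echo 'hardened: rejected with HTTP ', $e->getCode(), ' (', $e->getMessage(), ')', PHP_EOL;
}
echo 'hardened: alice is still ', $pdo->query('SELECT role FROM users WHERE id = 2')->fetchColumn(), PHP_EOL;
```

Run with `php update-user-demo.php` (requires the pdo_sqlite extension). The check that matters when verifying a fix is the first one: the same unauthenticated request must be refused before any query runs, not merely fail later. The role check must also read the server-side session rather than any role field in the request, otherwise the IDOR simply moves to the role parameter. A hardened form should additionally carry a CSRF token, since an administrator's browser can be driven to submit this request by an attacker-controlled page.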

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 7.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.