CouchCMS
cpe:2.3:a:couchcms:couchcms:*:*:*:*:*:*:*
- <= 2.4.0
A privilege escalation vulnerability has been identified in CouchCMS versions through 2.4.0. This vulnerability allows authenticated Admin-level users to create SuperAdmin accounts by manipulating the 'f_k_levels_list' parameter in user creation requests. By changing the parameter value from 4 to 10, users can bypass authorization checks and gain full control of the application, violating the intended restrictions on SuperAdmin account creation and privileges.
Exploitation of this vulnerability allows Admin users to create SuperAdmin accounts, thereby gaining unrestricted access to the application.
To reproduce this vulnerability, log into CouchCMS as an Admin user. Navigate to the 'Users' section and attempt to add a new user. Intercept the request using Burp Suite and modify the 'f_k_levels_list' parameter value from 4 to 10 before forwarding the request. Once the request is processed, the new user will be granted SuperAdmin privileges, which is not allowed by the application's default user management rules.
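The root cause described above is a server-side authorization gap: the user-creation handler accepts whatever access level the client submits in 'f_k_levels_list' instead of comparing it against the level of the account making the request. The following is an added illustration, not CouchCMS code and not a patch from the project: it shows a check that mirrors the flaw next to a hardened one. The parameter name and the SuperAdmin value 10 come from the advisory; the Admin level of 7 and the full set of level values are assumptions, as is parsing the level from a URL-encoded form body.

```python
"""Added example (not CouchCMS code): authorization of the access level submitted
in a user-creation request, in the flawed form and the hardened form.
"""
from urllib.parse import parse_qs

LEVEL_PARAM = "f_k_levels_list"   # parameter named in the advisory
SUPER_ADMIN = 10                  # value the advisory identifies as SuperAdmin
ADMIN = 7                         # assumed: numeric level of an Admin account
VALID_LEVELS = {0, 2, 4, ADMIN, SUPER_ADMIN}  # assumed: the application's level set


def _requested_level(form_body: str):
    """Return the submitted level as an int, or None if it is missing, repeated
    (parameter pollution) or not a plain integer."""
    values = parse_qs(form_body).get(LEVEL_PARAM, [])
    if len(values) != 1 or not values[0].isdigit():
        return None
    return int(values[0])


def vulnerable_authorize(creator_level: int, form_body: str):
    """Mirrors the flaw: the handler checks that the caller is at least an Admin
    and that the level is a known value, but never compares the requested level
    with the caller's own level, so an Admin submitting 10 is accepted.
    Returns (allowed, granted_level_or_None, reason)."""
    level = _requested_level(form_body)
    if creator_level < ADMIN:
        return (False, None, "only Admin-level users may create accounts")
    if level is None:
        return (False, None, "missing or malformed level")
    if level not in VALID_LEVELS:
        return (False, None, "unknown access level")
    return (True, level, "ok")


def hardened_authorize(creator_level: int, form_body: str):
    """Same checks plus the missing rule: a creator may not grant an access level
    above their own. Only a SuperAdmin (10) can therefore create a SuperAdmin.
    Returns (allowed, granted_level_or_None, reason)."""
    level = _requested_level(form_body)
    if creator_level < ADMIN:
        return (False, None, "only Admin-level users may create accounts")
    if level is None:
        return (False, None, "missing or malformed level")
    if level not in VALID_LEVELS:
        return (False, None, "unknown access level")
    if level > creator_level:
        return (False, None, "requested level exceeds creator level")
    return (True, level, "ok")


if __name__ == "__main__":
    # Constructed request body: an Admin asking for a SuperAdmin account.
    body = "f_k_name=newuser&f_k_levels_list=10"
    print("vulnerable:", vulnerable_authorize(ADMIN, body))
    print("hardened:  ", hardened_authorize(ADMIN, body))
```

The comparison against the creator's own level is the decision that a client-side drop-down cannot enforce; rejecting a repeated or non-numeric parameter before the comparison keeps the check from being sidestepped by a malformed value.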