LalanaChami Pharmacy Management System Privilege Escalation Vulnerability

A vulnerability in the LalanaChami Pharmacy Management System, specifically in commit 5c3d028, allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The issue arises because the /api/user/signup endpoint does not properly validate the role parameter in the request body. Additionally, the application exposes several critical API endpoints without authentication, enabling unauthorized access to sensitive data and operations.

Impact

Exploitation of this vulnerability could lead to unauthorized access to administrative privileges, allowing attackers to manipulate user roles and access sensitive data. Furthermore, according to the vendor, this vulnerability could be exploited to access and modify healthcare-related information, potentially violating HIPAA regulations.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /api/user/signup endpoint with a self-assigned administrative role. The request will be accepted without proper validation, granting the attacker administrative privileges.

Remediation

To address this vulnerability, authentication middleware should be added to the /api/user/signup endpoint to validate user roles before granting privileges. Additionally, all critical API endpoints should be secured with authentication to prevent unauthorized access.