SourceCodester Client Database Management System Unauthenticated Privilege Escalation Vulnerability
Vulnerability
A broken access control vulnerability has been identified in SourceCodester Client Database Management System (CDMS) version 1.0. The affected endpoint is '/cdm/fetch_manager_details.php', which returns the manager record selected by the 'manager_id' parameter without verifying that the requester is logged in or holds the role that the operation requires; the administrative endpoints '/cdm/superadmin_delete_manager.php' and '/cdm/superadmin_sales_agent_create.php' lack the same checks. An unauthenticated attacker can therefore read internal manager and agent data, delete manager records, and create new sales agent records, which can lead to full compromise of the application.
Impact
Exploitation of this vulnerability gives an unauthenticated attacker the effective privileges of the highest-level user for the affected operations: the attacker bypasses every authorization check on these endpoints and can enumerate manager details, delete managers, and create sales agents without any credentials.
Reproduction
The vulnerability can be reproduced by sending a request, with no session cookie, to the '/cdm/fetch_manager_details.php' endpoint with a 'manager_id' parameter. The endpoint performs no authorization check and returns internal manager and agent data. The same missing check affects '/cdm/superadmin_delete_manager.php', which deletes manager records, and '/cdm/superadmin_sales_agent_create.php', which creates sales agent records; both are likewise reachable without authentication. Note that these two endpoints are destructive: confirm them only against a test instance, not a production deployment.
Remediation
No vendor fix or specific mitigation is known for this vulnerability at the time of writing. Until one is available, every privileged endpoint should enforce a server-side check that the caller is authenticated and holds the required role before touching any data, and access to the '/cdm/superadmin_*.php' scripts can additionally be restricted at the web-server level.
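The following is an added example of the kind of guard that closes this class of bug; it is not SourceCodester's own code. It assumes the application keeps login state in $_SESSION['user_id'] and $_SESSION['role'], uses the role names 'superadmin' and 'manager', and holds a mysqli connection in $conn with a 'managers' table; the column names are likewise assumptions and must be matched to the real schema. The commented-out lines show the vulnerable pattern the advisory describes beside the hardened form.

```php
<?php
// Added example, not the project's own code. Assumed names:
// $_SESSION['user_id'], $_SESSION['role'], $conn (mysqli), table 'managers'.
declare(strict_types=1);

// --- Vulnerable pattern (as described in the advisory) ---
// No session or role check; the id is also interpolated straight into SQL.
//
//   $manager_id = $_GET['manager_id'];
//   $result = $conn->query("SELECT * FROM managers WHERE id = $manager_id");
//   echo json_encode($result->fetch_assoc());

// --- Hardened form ---

/** Emit a JSON error with the given HTTP status and stop the request. */
function deny(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $message]);
    exit;
}

/**
 * Abort unless the caller is logged in and holds one of $allowed_roles.
 * Include this at the top of every privileged script:
 * fetch_manager_details.php, superadmin_delete_manager.php and
 * superadmin_sales_agent_create.php.
 */
function require_role(array $allowed_roles): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user_id'])) {
        deny(401, 'authentication required');
    }
    // Role comes from the server-side session only, never from the request.
    if (!in_array($_SESSION['role'] ?? '', $allowed_roles, true)) {
        deny(403, 'forbidden');
    }
}

/** Accept only a positive integer id; anything else yields null. */
function positive_int(?string $value): ?int
{
    if ($value === null || !ctype_digit($value)) {
        return null;
    }
    $n = (int) $value;
    return $n > 0 ? $n : null;
}

// Superadmins may read any manager; a manager may read only its own record.
require_role(['superadmin', 'manager']);

$manager_id = positive_int($_GET['manager_id'] ?? null);
if ($manager_id === null) {
    deny(400, 'invalid manager_id');
}

// Object-level check: stop a logged-in manager from walking other ids.
if ($_SESSION['role'] === 'manager' && $manager_id !== (int) $_SESSION['user_id']) {
    deny(403, 'forbidden');
}

// Prepared statement: the id never becomes part of the SQL text.
$stmt = $conn->prepare('SELECT id, name, email FROM managers WHERE id = ?');
$stmt->bind_param('i', $manager_id);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc(); // requires the mysqlnd driver

header('Content-Type: application/json');
echo json_encode($row ?: []);
```

The delete and create endpoints get the same require_role() call with ['superadmin'] only, before any parameter is read. The object-level check matters even after authentication is enforced: without it, a low-privilege manager could still change 'manager_id' to read other managers' records.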
