SourceCodester Pet Grooming Management Software Improper Authorization Vulnerability in User Creation Component
Vulnerability
A vulnerability exists in SourceCodester Pet Grooming Management Software version 1.0, specifically within the user creation feature handled by add_user.php. It allows low-privileged authenticated users to create new standard user accounts without proper authorization checks: the application never verifies whether the requesting user has administrative rights before processing an account creation request. Although the flaw does not allow creating administrator accounts, the missing check still permits unauthorized user account creation, potentially leading to account misuse or spam.
Impact
Exploitation of this vulnerability allows for unauthorized user account creation, disrupting the integrity of the user management system and potentially leading to account spamming or misuse.
Reproduction
To reproduce this vulnerability, log in with normal user credentials and navigate to add_user.php. Once on the user creation page, fill out the required fields and submit the form. A new user account will be created successfully, demonstrating the lack of proper authorization checks.
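The following is an added illustration of the missing check described above and of the reproduction, not code from SourceCodester Pet Grooming Management Software. It assumes a hypothetical session layout in which login stores `$_SESSION['user_id']` and `$_SESSION['role']` (`'admin'` or `'user'`) and a form with assumed `username`/`password` fields; the real application's variable and field names are not given on this page. The vulnerable pattern only asks whether someone is logged in, which is exactly what a normal user satisfies; the hardened handler requires the administrator role server-side before any form data is processed.

```php
<?php
// Added example, not SourceCodester's own code.
// Assumed (hypothetical) session layout: $_SESSION['user_id'] and
// $_SESSION['role'] ('admin' or 'user'). The functions take the session
// and POST data as arrays so the example runs stand-alone from the CLI.

// Vulnerable check: only "is anyone logged in?". A normal user passes it,
// which is the authorization flaw the advisory describes.
function is_authorized_vulnerable(array $session): bool
{
    return isset($session['user_id']);
}

// Hardened check: authentication AND the administrator role are both
// required, and the decision is made on the server, not in the UI.
function is_authorized_fixed(array $session): bool
{
    return isset($session['user_id'])
        && isset($session['role'])
        && $session['role'] === 'admin';
}

// Handler skeleton for add_user.php using the hardened check. The role
// test runs before the POST body is touched; hiding the menu entry or the
// form from non-admins is not a control, this early exit is.
function handle_add_user(array $session, array $post): string
{
    if (!is_authorized_fixed($session)) {
        http_response_code(403);
        return 'forbidden';          // stop here, never reach the INSERT
    }

    // Only administrators get this far. Field names are assumed.
    $username = trim($post['username'] ?? '');
    $password = $post['password'] ?? '';
    if ($username === '' || $password === '') {
        http_response_code(400);
        return 'missing fields';
    }

    // Hash the password before storage; a prepared INSERT of
    // $username and $hash would follow here in a real handler.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    return password_verify($password, $hash) ? 'created' : 'error';
}

// Self-check with constructed sessions and form data (not real accounts).
$normalUser = ['user_id' => 7, 'role' => 'user'];
$admin      = ['user_id' => 1, 'role' => 'admin'];
$form       = ['username' => 'newacct', 'password' => 'S3cret!pass'];

$checks = [
    'vulnerable check lets normal user through' => is_authorized_vulnerable($normalUser) === true,
    'fixed check rejects normal user'           => is_authorized_fixed($normalUser) === false,
    'handler refuses normal user'               => handle_add_user($normalUser, $form) === 'forbidden',
    'handler accepts administrator'             => handle_add_user($admin, $form) === 'created',
];
foreach ($checks as $label => $ok) {
    echo ($ok ? 'PASS' : 'FAIL') . ': ' . $label . PHP_EOL;
}
```

Run with `php add_user_check.php`; the first line shows the vulnerable check accepting the normal user session, which corresponds to the reproduction steps above, and the remaining lines show the hardened handler rejecting it while still serving an administrator.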
