Augmentt Web Application Privilege Escalation Vulnerability
Vulnerability
A vulnerability exists in the Augmentt web application that allows standard users to escalate their privileges to those of a super administrator. This is achieved through parameter manipulation, which enables access to and modification of sensitive information. The vulnerability affects an unknown version of the application, released prior to October 2025.
Impact
Exploitation of this vulnerability allows standard users to gain unauthorized access to administrative functions, expose admin-related information, and modify data.
Reproduction
To reproduce this vulnerability, log in as a standard user and navigate to the 'Support' menu under 'Management'. Intercept the HTTP response using a proxy tool, then modify the permission parameter before forwarding the response.
Remediation
The server should verify the authenticated user's role and permissions against a secure backend database, enforcing access rules based on this verified data. API endpoints linked to menu items must perform mandatory access checks before processing any data.
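One way to implement the server-side check described above, as an added example that is not Augmentt's code. The table layout, session tokens, role names and the `support_admin_data` handler are assumptions made for illustration.

```python
import sqlite3
from functools import wraps

# Constructed backend store: the only source of truth for roles.
db = sqlite3.connect(":memory:")
db.executescript("""
CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, role TEXT);
CREATE TABLE sessions(token TEXT PRIMARY KEY, user_id INTEGER);
INSERT INTO users VALUES (1, 'alice', 'super_admin'), (2, 'bob', 'standard');
INSERT INTO sessions VALUES ('tok-alice', 1), ('tok-bob', 2);
""")

def role_for(token):
    """Resolve the caller's role from the server-side session, or None."""
    row = db.execute(
        "SELECT u.role FROM sessions s JOIN users u ON u.id = s.user_id "
        "WHERE s.token = ?", (token,)).fetchone()
    return row[0] if row else None

def require_role(*allowed):
    """Run the access check on every call, before the handler touches data."""
    def wrap(handler):
        @wraps(handler)
        def checked(request):
            role = role_for(request.get("session"))
            if role is None:
                return 401, {"error": "not authenticated"}
            if role not in allowed:
                return 403, {"error": "forbidden"}
            # Pass on only the verified role; client-sent fields are not consulted.
            return handler(request, role)
        return checked
    return wrap

@require_role("super_admin")
def support_admin_data(request, role):
    # Hypothetical endpoint behind an admin-only menu item.
    return 200, {"role": role, "data": "admin support records"}

def demo():
    # Constructed request carrying a client-supplied permission field.
    tampered = {"session": "tok-bob", "permission": "super_admin"}
    return [
        support_admin_data(tampered)[0],
        support_admin_data({"session": "tok-alice"})[0],
        support_admin_data({"session": "unknown"})[0],
    ]

if __name__ == "__main__":
    print(demo())
```

Because the decorator reads the role only from the session lookup, a permission value altered in transit or in the client has no effect on what the endpoint returns.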
