Code-Projects Invoice System in Laravel Broken Access Control and Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in Code-Projects Invoice System version 1.0, specifically within the User Management component. The issue arises from improper authorization in the '/user' endpoint, which can be accessed without admin privileges. This flaw allows users to create or modify accounts with administrative roles, leading to unauthorized access to admin functions. The vulnerability can be exploited remotely, and a public exploit is available.

Impact

Exploitation of this vulnerability allows for privilege escalation, enabling users to gain administrative rights on their accounts. It also facilitates the modification of existing users' roles to elevated permissions, potentially leading to unauthorized access to all administrative functions.

Reproduction

To reproduce this vulnerability, send a POST request to the '/user' endpoint without admin privileges. Include a payload that specifies a role of 'admin'. The absence of server-side checks will allow the role assignment to be processed, effectively escalating privileges to an administrative level.

Remediation

It is recommended to enforce proper authorization checks on the '/user' routes, ensuring that only admin users can access them. Additionally, the application should validate or restrict the 'role' input to prevent unauthorized role assignments.
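An added example of the two remediation steps above, written as Laravel code; it is not the Code-Projects Invoice System's own code. It assumes a User model with an `is_admin` boolean and a `role` column, and the gate name `manage-users`, the controller name `UserController` and the request class name are hypothetical.

```php
<?php
// Added example of the remediation, not the Invoice System's own code.
// Assumptions: a User model with an `is_admin` boolean and a `role` column;
// the gate name `manage-users`, UserController and StoreUserRequest are hypothetical.

use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Route;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
use App\Models\User;
use App\Http\Controllers\UserController;

// app/Providers/AuthServiceProvider.php (boot): only admins may manage users.
Gate::define('manage-users', fn (User $user) => (bool) $user->is_admin);

// routes/web.php: every /user route requires an authenticated admin,
// so the authorization check runs server-side before any controller code executes.
Route::middleware(['auth', 'can:manage-users'])->group(function () {
    Route::resource('user', UserController::class);
});

// app/Http/Requests/StoreUserRequest.php: validate input, including 'role',
// against an allow-list instead of trusting whatever the client sends.
class StoreUserRequest extends FormRequest
{
    public function authorize(): bool
    {
        // Defence in depth: re-check the gate even if the route middleware were missing.
        return $this->user()?->can('manage-users') ?? false;
    }

    public function rules(): array
    {
        return [
            'name'     => ['required', 'string', 'max:255'],
            'email'    => ['required', 'email', 'max:255', 'unique:users,email'],
            'password' => ['required', 'string', 'min:8'],
            // Any role outside the allow-list is rejected with a 422 validation error.
            'role'     => ['required', Rule::in(['user', 'admin'])],
        ];
    }
}

// In UserController::store(StoreUserRequest $request): persist only the
// validated fields, so unexpected request keys never reach mass assignment.
// $user = User::create($request->validated());
```

With the route group in place, a request to POST /user from a non-admin session is refused with 403 before the controller runs, and a direct call with an unexpected role value fails validation even for an admin.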

Added: Apr 27, 2026, 7:20 AM
Updated: Apr 27, 2026, 7:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 6.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.