Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in BSS Software Mobuy Online Machinery Monitoring Panel allows SQL Injection.This issue affects Mobuy Online Machinery Monitoring Panel: before 2.0.
The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.
When a user can set a primary key to any value, then the user can modify the key to point to unauthorized records. Database access control errors occur when: