CVE-2024-54818

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-54818

CWE

https://cwe.mitre.org/data/definitions/281.html

SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list.

Weakness

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Affected Software

Name	Vendor	Start Version	End Version
Computer_laboratory_management_system	Oretnom23	1.0 (including)	1.0 (including)

References

https://github.com/CloseC4ll/vulnerability-research/tree/main/CVE-2024-54818
https://portswigger.net/web-security/access-control#how-to-prevent-access-control-vulnerabilities

Improper Preservation of Permissions

Weakness

Affected Software

References