From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
   - Title: Code4Berry Decoration Management System 1.0 Improper Handling of Insufficient Privileges
   - Description:
     - Accessing the endpoint allows regular users to register new users, including administrators and super administrators, thereby escalating their privileges by creating new users with full permissions.
     - This functionality is unnecessary, as regular users already possess super administrator privileges, only lacking the sidebar menu links to access these functions.
     - The endpoint also permits regular users to delete any user's profile, including those of administrators and super administrators.
     - There is also a feature to restore banned user profiles, but this feature is restricted to super administrators and is inherently flawed in its implementation.

2. Submission Information:
   - Submitted by: scumdestroy (UID 48934)
   - Submission Time: November 12, 2024, 04:43 AM
   - Status: Accepted
   - VulDB Entry: 285500 [Code4Berry Decoration Management System 1.0 User userregister.php permission]

3. Vulnerability Type:
   - Type: Privilege Escalation (Improper Handling of Insufficient Privileges)

4. Impact:
   - Affected Endpoint:
   - Affected Functions: User registration, deletion of user profiles, restoration of banned user profiles

5. Exploitation:
   - Exploitation Method: Regular users can escalate their privileges by accessing the endpoint, including gaining administrator and super administrator rights.

This information helps in understanding the nature, scope of impact, and exploitation method of the vulnerability.
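
The description above comes down to access control that exists only as hidden sidebar links, with no check in the endpoint itself. As an added example (not Code4Berry's code), this is a server-side guard that the registration, deletion and restore handlers could call before doing any work. The role names, action names, session key and the minimum roles for registering and deleting are assumptions; only the super-administrator restriction on restore comes from the report.

```php
<?php
// Added illustration; not taken from the Code4Berry code base.
// Role names, action names and the session layout are assumptions.
declare(strict_types=1);

const ROLE_RANK = ['user' => 1, 'admin' => 2, 'superadmin' => 3];

// Minimum role needed to invoke each action at all (assumed policy).
const ACTION_MIN_ROLE = [
    'register_user' => 'admin',
    'delete_user'   => 'admin',
    'restore_user'  => 'superadmin',
];

/** May $actorRole perform $action on an account with role $targetRole? */
function is_allowed(string $actorRole, string $action, string $targetRole): bool
{
    if (!array_key_exists($actorRole, ROLE_RANK)
        || !array_key_exists($targetRole, ROLE_RANK)
        || !array_key_exists($action, ACTION_MIN_ROLE)) {
        return false; // fail closed on unknown roles or actions
    }
    if (ROLE_RANK[$actorRole] < ROLE_RANK[ACTION_MIN_ROLE[$action]]) {
        return false; // caller lacks the role for this action
    }
    // Never create, delete or restore an account that outranks the caller.
    return ROLE_RANK[$targetRole] <= ROLE_RANK[$actorRole];
}

/** Call at the top of every privileged endpoint, before any database work. */
function require_permission(array $session, string $action, string $targetRole): void
{
    // The role comes from the server-side session, never from request data.
    $role = is_string($session['role'] ?? null) ? $session['role'] : '';
    if (!is_allowed($role, $action, $targetRole)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed demo: print the decision for each role and action pair.
if (PHP_SAPI === 'cli') {
    foreach (array_keys(ROLE_RANK) as $actor) {
        foreach (array_keys(ACTION_MIN_ROLE) as $action) {
            $ok = is_allowed($actor, $action, 'superadmin') ? 'allow' : 'deny';
            printf("%-10s %-13s on superadmin: %s\n", $actor, $action, $ok);
        }
    }
}
```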