Asp.Net-Core-Inventory-Order-Management-System Broken Access Control & Privilege Escalation

From the provided webpage screenshots, the following key vulnerability information can be extracted, presented in concise Markdown format: Vulnerability Overview Vulnerability Name: Asp.Net-Core-Inventory-Order-Management-System Broken Access Control Allows Authenticated Privilege Escalation via Improper Session Handling CVSS v3.1 Score: 8.8 (High) Affected Product: Asp.Net-Core-Inventory-Order-Management-System Vulnerability Type: - Broken Access Control - Privilege Escalation - Missing Server-Side Authorization Enforcement Scope of Impact Affected Versions: v9.20250118 and earlier Last Known Vulnerable Commit: 791cf22f9ed614f839c5c77324ebc937b7f7e789 Fixed Version: No fixed version currently available Vulnerability Details Description: Low-privilege users can access and manipulate protected administrative interfaces by bypassing client-side redirects and server-side validation, thereby initiating privilege escalation attacks. Exploitation Method: Attackers can utilize the browser's Back button or JavaScript pause functionality to interrupt the client-side redirection process, making previously loaded administrative page content accessible again. Affected Endpoints: , , Technical Details: The application renders privileged administrative content before performing authorization checks and allows authenticated users to re-access protected administrative interfaces via back-navigation or similar functions after a redirect. Disclosure Timeline and Recommended Remediation Disclosure Date: 2026-02-09 Recommended Remediation Measures: - Strengthen server-side authorization checks - Prevent rendering of sensitive content prior to validation - Implement robust Role-Based Access Control (RBAC) - Eliminate over-reliance on client-side redirection logic Impact Assessment Due to this vulnerability, attackers can gain unauthorized access to sensitive operations, including viewing all users, creating/deleting accounts, resetting passwords, and approving accounts, posing a significant threat to the system's security and integrity. The above information can assist system administrators and developers in understanding the nature of this vulnerability, its scope of impact, and how to effectively patch it.

Goal Reached Thanks to every supporter — we hit 100%!

Asp.Net-Core-Inventory-Order-Management-System Broken Access Control & Privilege Escalation

More from this source