From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability ID: #393532

2. Vulnerability Name: GitHub Insurance Management System 1.0 Improper Access Controls

3. Vulnerability Description:
- Title: Improper Access Controls in GitHub Life Insurance Management System 1.0
- Description:
  - The LIMS (Life Insurance Management System) includes an endpoint named , which allows users to edit payment records.
  - Payment records are accessed and modified via the parameter in the URL, which corresponds to payment records in the backend database.
  - The author discovered that the application does not properly enforce access control checks on the parameter. By modifying the parameter to reference a payment record that should not be editable (e.g., one belonging to another user or marked as read-only), unauthorized users can access and modify that payment record's data.

4. Reproduction Steps:
- Log in to LIMS and navigate to the payment section ( ).
- Find an editable payment record and note its value.
- Find a non-editable payment record and note its value.
- Replace the of the editable record with the of the non-editable record and press Enter.
- Observe whether the system allows access and editing of the non-editable payment record.
- Make changes to the payment record and save them.

5. Impact:
- Attackers can modify payment records that should be restricted or read-only.
- Gain unauthorized access to other users’ payment records.
- May lead to financial and data integrity issues.
- The impact of the vulnerability may vary depending on the sensitivity of the payment data and the actions unauthorized users can perform.

This information provides a detailed description of the vulnerability’s nature, reproduction steps, and potential impact, aiding in understanding its severity and exploitation.
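The missing check described in item 3, shown as an added illustration that is not LIMS code (the page does not name the endpoint or parameter): a handler that only confirms the record exists, beside a hardened version that also verifies ownership and the read-only flag. The record store, owner field and read_only flag are assumptions.

```python
# Added illustration of the access-control flaw described above; not LIMS code.
# Assumption: each payment record carries an owner and a read_only flag.
from dataclasses import dataclass


class Forbidden(Exception):
    """Raised when the caller may not modify the requested record."""


@dataclass
class Payment:
    owner: str
    amount: float
    read_only: bool = False


def sample_store():
    """Constructed sample data: two users, one record marked read-only."""
    return {
        101: Payment(owner="alice", amount=250.0),
        102: Payment(owner="bob", amount=900.0),
        103: Payment(owner="alice", amount=120.0, read_only=True),
    }


def update_payment_vulnerable(store, user, record_id, new_amount):
    """Mirrors the reported bug: the record id from the URL is trusted as-is,
    so any logged-in user can edit any record that exists."""
    record = store[record_id]
    record.amount = new_amount
    return record


def update_payment_fixed(store, user, record_id, new_amount):
    """Hardened form: the caller must own the record and it must be editable."""
    record = store.get(record_id)
    if record is None or record.owner != user:
        # Same outcome for 'missing' and 'not yours', so ids reveal nothing.
        raise Forbidden(f"user {user!r} may not edit record {record_id}")
    if record.read_only:
        raise Forbidden(f"record {record_id} is read-only")
    record.amount = new_amount
    return record


def attempt(handler, user, record_id, new_amount):
    """Run one edit on a fresh store; return (allowed, amount left in store)."""
    store = sample_store()
    try:
        handler(store, user, record_id, new_amount)
        allowed = True
    except Forbidden:
        allowed = False
    return allowed, (store[record_id].amount if record_id in store else None)
```

Logging the rejected attempts from the hardened handler (user, record id, reason) gives the detection signal a reviewer would want for this class of bug.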