Headline
CVE-2022-2702: Company-Website-CMS/Company Website CMS-Unauthorized Access.md at main · Jamison2022/Company-Website-CMS
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability.
Company Website CMS Dashboard Has an Unauthorized Access Vulnerability
Company Website CMS Released by SourceCodester Has an Unauthorized Access Vulnerability
The admin back end of the site is /dashboard, which requires login to access. From the back end, operations such as publishing articles, uploading files, changing websites, and deleting information can be performed. However, the site has an unauthorized access vulnerability: any of these operations can still be performed after the cookies are deleted.
How to test: Log in to /dashboard and perform any action, such as modifying Site Settings, then delete the cookies and try again.
Take Site settings as an example:
To modify the site title
Modify Site Title to 123
Delete the cookie, then modify the Site Title to 456
After deleting the cookie, the modification is still successful.
Code analysis
Let’s take a look at /dashboard/index.php first:
The /dashboard/index.php page first includes the header.php page, and then gets the username through $_SESSION.
$username on the index.php page is only used to output the username.
Let’s look at the header.php page:
If the username session variable is not set, this page redirects to the login page.
Let’s look at the code for Site Settings, which is site-settings.php
As you can see, this page does not do any verification for user identity.
The same is true for the rest of the dashboard pages.
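One way to close the gap described above, as an added example rather than code from the CMS or the original write-up: a guard that every dashboard script calls before it touches any request data. The `username` session key comes from the analysis above; the file name `auth_guard.php`, the function `require_login()`, the `login.php` target and the idle timeout are assumptions.

```php
<?php
// auth_guard.php (hypothetical file name, not part of the CMS).
// Include it as the FIRST statement of every dashboard script, including
// pages such as site-settings.php that process form submissions.
declare(strict_types=1);

const IDLE_LIMIT_SECONDS = 1800; // assumed idle timeout, adjust as needed

function require_login(string $loginUrl = 'login.php'): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    $user = $_SESSION['username'] ?? null;
    $last = $_SESSION['last_seen'] ?? null;

    // Treat a missing, empty or stale session as unauthenticated.
    $expired = is_int($last) && (time() - $last) > IDLE_LIMIT_SECONDS;
    if (!is_string($user) || $user === '' || $expired) {
        $_SESSION = [];
        session_destroy();
        header('Location: ' . $loginUrl, true, 302);
        // header() only queues a response header; without exit the rest of
        // the script, including any POST handler, would still execute.
        exit;
    }

    $_SESSION['last_seen'] = time();
    return $user;
}

// Usage at the top of a dashboard page (shown here as comments because it
// belongs in a different file):
//
//   require_once __DIR__ . '/auth_guard.php';
//   $username = require_login();
//   // form handling, uploads and database writes start only below this line
```

With the guard in place, repeating the test from above (delete the cookies, then submit the Site Title change) should end at the login page with the title unchanged.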
Link
https://www.sourcecodester.com/php/15517/company-website-cms-php.html