Vulnerabilities > CVE-2021-46075 - Missing Authorization vulnerability in Vehicle Service Management System Project Vehicle Service Management System

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

vehicle-service-management-system-project

CWE-862

NVD

Published: 2022-01-06

Updated: 2024-11-21

Summary

A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources and perform CRUD Operations.

Vulnerable Configurations

Part	Description	Count
Application	Vehicle_Service_Management_System_Project Vehicle Service Management System Project Vehicle Service Management System *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-Privilege-Escalation-Leads-to-CRUD-Operations
https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-Privilege-Escalation-Leads-to-CRUD-Operations
https://www.plsanu.com/vehicle-service-management-system-multiple-privilege-escalation-leads-to-crud-operations
https://www.plsanu.com/vehicle-service-management-system-multiple-privilege-escalation-leads-to-crud-operations