# Exploit Title: Computer Laboratory Management System v1.0 – Incorrect access control
# Date: 08 July 2024
# Exploit Author: Sampath kumar kadajari
# Vendor Homepage: https:\/\/www.sourcecodester.com\/php\/17268\/computer-laboratory-management-system-using-php-and-mysql.html
# Software Link: https:\/\/www.sourcecodester.com\/download-code?nid=17268&title=Computer+Laboratory+Management+System+using+PHP+and+MySQL
# Version: v1.0
# CVE: CVE-2024-41332
# Tested on: Windows, XAMPP, Apache, MySQL<\/p>\n
——————————————————————————————————————————————-<\/p>\n
Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to perform arbitrarily delete actions. <\/p>\n
“Vulnerable Code” \u2013 ( classes\/master.php)<\/p>\n
function delete_category(){
extract($_POST);
$del = $this->conn->query(“UPDATE `category_list` set `delete_flag` = 1 where id = ‘{$id}'”);
if($del){
$resp[‘status’] = ‘success’;
$this->settings->set_flashdata(‘success’,” Category successfully deleted.”);
}else{
$resp[‘status’] = ‘failed’;
$resp[‘error’] = $this->conn->error;
}
return json_encode($resp);
}<\/p>\n
—> Affected Component: http:\/\/localhost\/php-lms\/classes\/Master.php?f=delete_category<\/p>\n
“Fix for Vulnerable Code”:<\/p>\n
function delete_category(){
\/\/ Check if the user is logged in and has an admin role
if (!isset($_SESSION[‘userdata’][‘role’]) || $_SESSION[‘userdata’][‘role’] != ‘admin’) {
$resp[‘status’] = ‘failed’;
$resp[‘error’] = ‘Unauthorized access.’;
return json_encode($resp);
}<\/p>\n
\/\/ Proceed with the delete action if authorized
extract($_POST);
$del = $this->conn->query(“UPDATE `category_list` set `delete_flag` = 1 where id = ‘{$id}'”);
if($del){
$resp[‘status’] = ‘success’;
$this->settings->set_flashdata(‘success’,”Category successfully deleted.”);
}else{
$resp[‘status’] = ‘failed’;
$resp[‘error’] = $this->conn->error;
}
return json_encode($resp);
}<\/p>\n","protected":false},"excerpt":{"rendered":"
# Exploit Title: Computer Laboratory Management System v1.0 – Incorrect access control# Date: 08 July 2024# Exploit Author: Sampath kumar kadajari# Vendor Homepage: https:\/\/www.sourcecodester.com\/php\/17268\/computer-laboratory-management-system-using-php-and-mysql.html# Software Link: https:\/\/www.sourcecodester.com\/download-code?nid=17268&title=Computer+Laboratory+Management+System+using+PHP+and+MySQL# Version: v1.0# CVE: CVE-2024-41332# Tested on: Windows, XAMPP, Apache, MySQL ——————————————————————————————————————————————- Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-58595","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=58595"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/58595\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=58595"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=58595"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=58595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}