Description: Privilege Escalation Vulnerability due to the session validation weakness
The Profile function in CuppaCMS before 31 Jan 2021 has a privilege escalation vulnerability due to a session validation weakness. An attacker could escalate their privilege to Super Admin by tampering with the HTTP request, and then obtain full control of CuppaCMS.
**Proof of Concept**
Step 1: Access the profile function with a low privilege account
Step 2: Add the user_group_id_field as one of the POST parameters, and set the value to "1"
Original Request
Edited Request: added the "user_group_id_field" parameter as highlighted
Response: 2 means successfully updated the record
Step 3: Log in to the account again and obtain Super Admin privilege
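
One way to close this class of bug, shown as an added example that is not CuppaCMS code: build the profile update from an allow-list of fields and take the caller's group from the server-side session, never from the request. Every name other than `user_group_id_field` (the other field names, the session keys, the function name) is an assumption, as is treating group id 1 as Super Admin, which the report's Step 2 implies.

```php
<?php
declare(strict_types=1);

// Hypothetical column names, except user_group_id_field, which the report names.
const SELF_SERVICE_FIELDS = ['name_field', 'email_field'];
const PRIVILEGED_FIELDS   = ['user_group_id_field'];
const SUPER_ADMIN_GROUP   = 1; // assumption: the report sets the value "1" to reach Super Admin

/**
 * Build the column => value set for a profile update.
 * $session is server-side state; $post is the untrusted request body.
 * Returns ['update' => accepted fields, 'rejected' => dropped field names].
 */
function build_profile_update(array $session, array $post): array
{
    // The caller's privilege comes from the session only.
    $isSuperAdmin = (int)($session['user_group_id'] ?? 0) === SUPER_ADMIN_GROUP;
    $update = [];
    $rejected = [];
    foreach ($post as $field => $value) {
        if (!is_string($value)) {
            // Nested values (e.g. name_field[]=x) are not valid profile data.
            $rejected[] = $field;
        } elseif (in_array($field, SELF_SERVICE_FIELDS, true)) {
            $update[$field] = $value;
        } elseif (in_array($field, PRIVILEGED_FIELDS, true) && $isSuperAdmin) {
            $update[$field] = $value;
        } else {
            // Unknown fields, and privileged fields sent by a non-admin, are dropped.
            $rejected[] = $field;
        }
    }
    return ['update' => $update, 'rejected' => $rejected];
}

// Constructed sample: a low-privilege session replaying the edited request from Step 2.
$session = ['user_id' => 42, 'user_group_id' => 3];
$post    = ['name_field' => 'Alice', 'user_group_id_field' => '1'];

$result = build_profile_update($session, $post);
if ($result['rejected'] !== []) {
    // A dropped privileged field is worth an alert, not only a silent discard.
    error_log(sprintf('profile update: dropped [%s] for user %d',
        implode(',', $result['rejected']), $session['user_id']));
}
var_dump($result['update']);
```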