Affected Component
Description
In Simple Exam Reviewer Management System v1.0, the User List function has improper access control that allows lower-privileged users to change user permissions to a higher privilege level.
Steps to reproduce
Log in as a low-privileged user.
Navigate to the endpoint below:
"/admin/?page=user/list"
The user can access "User List". There, choose any user, click Action, and select Edit.
Next, change Login type to administrator and save.
Impact
Access control bypass leads to modification of user settings and permissions.
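The two server-side checks whose absence produces this behaviour, shown as an added example that is not the application's own code: one check when the "user/list" page is loaded and a second in the handler that saves the edit form. The role name "staff", the "home" page, the record layout and every function name are assumptions made for illustration.

```python
# Added illustration; names, roles and record layout are hypothetical.
ADMIN = "administrator"
STAFF = "staff"  # constructed name for the low-privileged Login type

# Deny by default: a page is served only to the roles listed for it.
PAGE_ROLES = {
    "home": {ADMIN, STAFF},   # constructed entry
    "user/list": {ADMIN},     # the page named in this report
}

class Forbidden(Exception):
    """Raised when the session user may not perform the request."""

def authorize_page(session_user, page):
    """Check run by the router before rendering /admin/?page=<page>."""
    allowed = PAGE_ROLES.get(page, set())  # unknown page: nobody is allowed
    if session_user is None or session_user["type"] not in allowed:
        raise Forbidden(f"{page} is not available to this account")
    return True

def save_user(session_user, users, target_id, fields):
    """Handler behind the edit form's save action.

    The caller's role comes from the server-side session, never from the
    request, and the check is repeated here because restricting the page
    alone does not protect the endpoint the form submits to.
    """
    if session_user is None:
        raise Forbidden("not logged in")
    is_admin = session_user["type"] == ADMIN
    if not is_admin and target_id != session_user["id"]:
        raise Forbidden("non-administrators may edit only their own record")
    if "type" in fields:
        if not is_admin:
            raise Forbidden("only an administrator may change Login type")
        if fields["type"] not in {ADMIN, STAFF}:
            raise Forbidden("unknown Login type")
    users[target_id].update(fields)
    return users[target_id]
```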