Account Takeover Via Modifying Email ID — CodeIgniter Framework Through 3.0.0

Vulnerable Product — CodeIgniter 3.0.0 (Authentication) Web Application Framework

Vulnerability Type — Insecure Permissions

Affected Component — Login page form.

Attack Type — Remote

Impact Escalation of Privileges — true

Core Authentication Features

Login Page
User Role After Login
Attacker's Email ID with Response.
Victim Email ID with Response.
