{"id":350,"date":"2023-05-23T12:06:57","date_gmt":"2023-05-23T12:06:57","guid":{"rendered":"https:\/\/nobugescapes.com\/?p=350"},"modified":"2023-08-12T13:39:25","modified_gmt":"2023-08-12T13:39:25","slug":"privilege-escalation-in-bio-star-2-exploitable-through-batch-edit-option","status":"publish","type":"post","link":"https:\/\/nobugescapes.com\/blog\/privilege-escalation-in-bio-star-2-exploitable-through-batch-edit-option\/","title":{"rendered":"Privilege Escalation in Bio star 2 Exploitable through Batch Edit Option"},"content":{"rendered":"\n
CVE-2023-XXXX<\/p>\n\n\n\n
The Bio star 2 web application defines multiple operator levels, each with different privileges. The &#8220;Administrator&#8221; level has full permissions, while the &#8220;User Operator&#8221; level has only a subset of them. However, I have discovered a vulnerability that allows an attacker to escalate their privileges from &#8220;User Operator&#8221; to &#8220;System Administrator.&#8221; Exploiting this vulnerability requires the attacker to be authenticated and logged in as a &#8220;User Operator&#8221; on the target website.<\/p>\n\n\n\n