up.time 7.5.0 Superadmin Privilege Escalation

up.time suffers from a privilege escalation issue. A normal user can elevate his/her privileges by sending a POST request that sets the parameter ‘userroleid’ to 1. Cross-site request forgery can be used to exploit this issue.
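
The class of flaw described above, shown as a constructed vulnerable update handler beside a hardened one. This is an added example, not up.time's code: the user store, the role id 3 for a normal user, the `email` and `csrf_token` fields and all function names are assumptions; only `userroleid` and the value 1 come from the advisory.

```python
import hmac
import secrets

SUPERADMIN_ROLE = 1                  # role id named in the advisory
SELF_EDITABLE = {"email"}            # fields a user may change on their own record
ADMIN_EDITABLE = SELF_EDITABLE | {"userroleid"}


def fresh_users():
    """Constructed sample store (hypothetical schema): username -> record."""
    return {"alice": {"userroleid": 1, "email": "alice@example.test"},
            "bob": {"userroleid": 3, "email": "bob@example.test"}}


def new_session(username):
    """Session bound to a random anti-CSRF token."""
    return {"user": username, "csrf": secrets.token_hex(16)}


def update_user_vulnerable(users, session, target, form):
    """Flawed pattern: every posted field is written, role included."""
    users[target].update(form)
    return 200


def update_user_hardened(users, session, target, form):
    """Return an HTTP-style status; write only what the caller may change."""
    # 1. CSRF: the form must echo the token bound to this session.
    token = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(token, session["csrf"].encode()):
        return 403
    caller_is_admin = users[session["user"]]["userroleid"] == SUPERADMIN_ROLE
    # 2. Object-level check: non-admins may edit only their own record.
    if target != session["user"] and not caller_is_admin:
        return 403
    # 3. Field allow-list chosen from the caller's stored role, never the request.
    allowed = ADMIN_EDITABLE if caller_is_admin else SELF_EDITABLE
    fields = {k: v for k, v in form.items() if k != "csrf_token"}
    if set(fields) - allowed:
        return 403  # reject rather than silently drop, so attempts show up in logs
    users[target].update(fields)
    return 200
```

Rejected requests that carry `userroleid` from a non-admin session are worth logging and alerting on, since legitimate clients have no reason to send that field.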
