
#9 Modify User Check

Version_1_Series
open
Admin CP (3)
5
2008-06-27
2008-06-27
Alex Rice
No

Currently, there is a security gap allowing almost anyone to update another user's account, passing only minimal security checks against the agent's session info and his/her account info prior to executing the database query in the UPDATE case, PROFILE fr in dir/usercp/modify.php.

There should be a check somewhere before the database query is executed to make sure access levels match, etc.
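A sketch of the kind of check the ticket asks for, added here as an example and not taken from the project's code: the update is refused unless the logged-in user owns the target account or holds an admin access level. The `users` table, the `access_level` column, the session key `user_id` and `ADMIN_LEVEL` are all assumptions for illustration.

```php
<?php
// Hypothetical names throughout: the users table, the access_level column,
// the session key and ADMIN_LEVEL are assumptions, not the project's schema.
const ADMIN_LEVEL = 10;

function may_modify(PDO $db, array $session, int $targetId): bool
{
    if (empty($session['user_id'])) {
        return false;                      // not logged in
    }
    // Re-read the actor's level from the database; never trust a level
    // supplied by the client or carried in a form field.
    $q = $db->prepare('SELECT access_level FROM users WHERE id = ?');
    $q->execute([(int)$session['user_id']]);
    $level = $q->fetchColumn();
    if ($level === false) {
        return false;                      // session points at no account
    }
    // The owner may edit their own profile; anyone else needs admin level.
    return (int)$session['user_id'] === $targetId || (int)$level >= ADMIN_LEVEL;
}

function update_profile(PDO $db, array $session, int $targetId, string $email): bool
{
    if (!may_modify($db, $session, $targetId)) {
        return false;                      // refuse before any UPDATE runs
    }
    // Parameterized statement: the target id and value are bound, not concatenated.
    $u = $db->prepare('UPDATE users SET email = ? WHERE id = ?');
    return $u->execute([$email, $targetId]);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, access_level INTEGER)');
$db->exec("INSERT INTO users VALUES (1,'a@example.test',1),(2,'b@example.test',1),(9,'admin@example.test',10)");

var_dump(update_profile($db, ['user_id' => 1], 1, 'new@example.test')); // own account
var_dump(update_profile($db, ['user_id' => 1], 2, 'x@example.test'));   // another user's account
var_dump(update_profile($db, ['user_id' => 9], 2, 'y@example.test'));   // admin editing a user
var_dump(update_profile($db, [], 2, 'z@example.test'));                 // no session
```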
