Improper Authorization leads to privilege escalation in limesurvey/limesurvey
Jun 15th 2023
The application does not properly authorize role changes: a user who holds only the user management role can modify their own permissions, or those of other users, by assigning any existing role.
Proof of Concept
Step 1: The highest-level administrator, or any administrator with permission to create roles, creates a role named 'super admin' that carries full privileges.
Step 2: A user who holds only the user management role opens their own user's role-assignment form. The role selector is disabled only on the client side; opening the browser's Inspector window and removing the 'disable' class from it makes the selector editable again.
Step 3: The user selects the 'super admin' role and clicks Save. The server accepts the change, and the user's permissions are now those of 'super admin'.
Because the restriction exists only in the browser, a user with the user management role can change the role of any user, including themselves, to any role that exists.
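The following is an added example and is not LimeSurvey code: a minimal model of a "change user's role" handler that replays Steps 2 and 3 against two versions of the server-side check. The role names, user names (alice, bob, carol) and permission strings are constructed for illustration. The vulnerable version mirrors the behaviour the report describes, where the only server-side check is whether the actor may manage users at all; the hardened version repeats that check and additionally refuses self-modification and any role that would grant a permission the actor does not already hold.

```javascript
// Added example, not LimeSurvey code. Role and user data below are constructed.
function freshDb() {
  return {
    // Each role maps to the set of permissions it grants.
    roles: {
      user_manager: new Set(["users_read", "users_update"]),
      survey_editor: new Set(["surveys_read", "surveys_update"]),
      "super admin": new Set([
        "users_read", "users_update", "roles_update",
        "settings_update", "surveys_read", "surveys_update",
      ]),
    },
    users: {
      alice: { roles: ["super admin"] },   // the administrator from Step 1
      bob:   { roles: ["user_manager"] },  // the user-management user from Step 2
      carol: { roles: ["survey_editor"] }, // an unrelated user
    },
  };
}

// Effective permissions of a user: the union over all assigned roles.
function permissionsOf(db, userName) {
  const perms = new Set();
  for (const r of db.users[userName].roles) {
    for (const p of db.roles[r]) perms.add(p);
  }
  return perms;
}

// Vulnerable handler, modelled on the report: the only server-side check is
// "may the actor manage users". Which role is chosen, and whether the target
// is the actor, is left to the form, where the selector is merely disabled
// in the browser and can be re-enabled from the Inspector.
function assignRoleVulnerable(db, actorName, targetName, roleName) {
  if (!permissionsOf(db, actorName).has("users_update")) {
    return { ok: false, reason: "actor may not manage users" };
  }
  if (!(roleName in db.roles)) return { ok: false, reason: "unknown role" };
  db.users[targetName].roles = [roleName];
  return { ok: true };
}

// Hardened handler: the same check, plus two rules enforced on the server
// so that no client-side change can bypass them:
//  1. an actor cannot change their own roles;
//  2. an actor cannot grant a permission they do not hold themselves.
function assignRoleHardened(db, actorName, targetName, roleName) {
  const actorPerms = permissionsOf(db, actorName);
  if (!actorPerms.has("users_update")) {
    return { ok: false, reason: "actor may not manage users" };
  }
  if (!(roleName in db.roles)) return { ok: false, reason: "unknown role" };
  if (actorName === targetName) {
    return { ok: false, reason: "actor may not change their own roles" };
  }
  for (const p of db.roles[roleName]) {
    if (!actorPerms.has(p)) {
      return { ok: false, reason: `role grants ${p}, which the actor lacks` };
    }
  }
  db.users[targetName].roles = [roleName];
  return { ok: true };
}

// Replays Steps 2 and 3 (bob assigns 'super admin' to himself) against both
// handlers and returns the outcome and bob's resulting permissions.
function replay() {
  const vuln = freshDb();
  const hard = freshDb();
  return {
    vulnerable: assignRoleVulnerable(vuln, "bob", "bob", "super admin"),
    vulnerableBobPerms: [...permissionsOf(vuln, "bob")].sort(),
    hardened: assignRoleHardened(hard, "bob", "bob", "super admin"),
    hardenedBobPerms: [...permissionsOf(hard, "bob")].sort(),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(replay());
}
```

Run with `node` to see the vulnerable handler accept the self-assignment and bob end up with `settings_update` and `roles_update`, while the hardened handler rejects it and bob keeps only the two user-management permissions. The second rule (no granting of permissions the actor lacks) also stops bob from promoting carol to 'super admin', while still letting alice, who holds every permission, do so.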