This exploit demonstrates a privilege escalation vulnerability in PHPfileNavigator v2.3.3 by submitting a crafted POST request to the user management endpoint, allowing a regular user to elevate their privileges to an administrator. The exploit requires knowledge of the target user's ID and leverages insecure parameter handling in the application.
Classification
Working Poc 95%
Target:
PHPfileNavigator v2.3.3
Auth required
Prerequisites:
Valid user account with known 'id_usuario' · Access to the vulnerable endpoint