Reseller role allowed to access to admin functionalities

Main / Reseller role allowed to access to admin functionalities

Discription

# Description
The reseller user can access to some admin functionality just directly accessing to it by URL, even though the menu shouldn’t allow it.

# Proof of Concept
– Go to https://v2.demo.froxlor.org
– Login as “`reseller1“`
– Point to:
“`
https://v2.demo.froxlor.org/admin_opcacheinfo.php?page=showinfo
https://v2.demo.froxlor.org/admin_mysqlserver.php?page=mysqlserver
https://v2.demo.froxlor.org/admin_cronjobs.php?page=overview
“`Read More

References

Back to Main

Subscribe for the latest news: