CVE-2021-44582
📋 TL;DR
This vulnerability allows remote attackers to escalate privileges to the Admin role in Sourcecodester Money Transfer Management System 1.0 by requesting admin URLs directly (forced browsing), because those pages perform no authorization check. It affects all installations of this specific version of the web application. Attackers can gain full administrative control over the money transfer system.
💻 Affected Systems
- Sourcecodester Money Transfer Management System
📦 What is this software?
Money Transfer Management System by the Money Transfer Management System Project: a PHP web application distributed as free source code on Sourcecodester.
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise where attackers gain admin access, manipulate financial transactions, steal sensitive data, and potentially pivot to other systems.
Likely Case
Attackers gain administrative privileges, allowing them to view/modify all financial transactions, user data, and system settings.
If Mitigated
With proper network segmentation and access controls, the impact is limited to the specific application instance.
🎯 Exploit Status
Simple forced browsing attack: no authentication is required, the attacker only has to request admin URLs directly.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch available. Remove or replace the vulnerable software.
🔧 Temporary Workarounds
Implement proper authentication middleware
Add authentication checks to all admin URLs to verify that the user has the admin role before granting access.
Modify PHP files to include session validation and role checking for all admin endpoints
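The following guard is an added example of such a check, not code from the original advisory or from the project. It assumes (these names are not from the advisory) that the application keeps the logged-in user's id in $_SESSION['user_id'] and role in $_SESSION['role'], that the login page is /login.php, and that the file is saved as admin_guard.php and included at the top of every admin endpoint.

```php
<?php
// admin_guard.php (added example, not the project's own code).
// Include as the very first line of every admin endpoint, before any output:
//   require_once __DIR__ . '/admin_guard.php';
// Assumed session layout: $_SESSION['user_id'] and $_SESSION['role'].
declare(strict_types=1);

if (session_status() !== PHP_SESSION_ACTIVE) {
    // Harden the session cookie before the session is started.
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Lax',
        'secure'   => !empty($_SERVER['HTTPS']),
    ]);
    session_start();
}

/**
 * Returns true only for an authenticated session whose role is exactly 'admin'.
 * Kept as a pure function so it can be unit-tested without a live session.
 */
function adminGuardAllows(array $session): bool
{
    return isset($session['user_id'], $session['role'])
        && $session['role'] === 'admin';
}

if (!adminGuardAllows($_SESSION)) {
    // Every denied admin request is logged; these lines feed the
    // "unauthenticated access to admin URLs" detection described later.
    error_log(sprintf(
        'admin_guard: denied %s (user=%s role=%s) from %s',
        $_SERVER['REQUEST_URI'] ?? '?',
        (string)($_SESSION['user_id'] ?? '-'),
        (string)($_SESSION['role'] ?? '-'),
        $_SERVER['REMOTE_ADDR'] ?? '?'
    ));

    if (!isset($_SESSION['user_id'])) {
        // Not logged in at all: redirect to the login page (assumed path).
        header('Location: /login.php', true, 302);
    } else {
        // Logged in but not an admin: refuse outright.
        http_response_code(403);
        echo 'Forbidden';
    }
    exit; // Never fall through to the admin page body.
}
```

Because the guard runs before any output, it cannot be bypassed by a page that forgets to call it only if every admin script actually includes it; auditing that every file under the admin directory starts with the require_once is part of applying the fix.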
Web server access controls
Use .htaccess or web server configuration to restrict access to admin directories. The directives below use the Apache 2.2 access-control syntax; on Apache 2.4 they require mod_access_compat, or can be replaced with the equivalent Require ip directive.
# Restrict the admin directory to internal IPs (Apache does not allow trailing comments on a directive line)
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
🧯 If You Can't Patch
- Take system offline immediately and replace with secure alternative
- Implement strict network segmentation and firewall rules to limit access to the vulnerable system
🔍 How to Verify
Check if Vulnerable:
Attempt to access admin URLs (like /admin/dashboard.php) without authentication. If the page is served, the system is vulnerable.
Check Version:
Check the application files for version information, typically in configuration files or the page footer.
Verify Fix Applied:
Verify that all admin URLs now require proper authentication and return 403/redirect when accessed without admin privileges.
📡 Detection & Monitoring
Log Indicators:
- Unauthenticated access to admin URLs
- Multiple failed login attempts followed by direct admin URL access
- User privilege escalation in session logs
Network Indicators:
- HTTP requests to admin endpoints without preceding authentication requests
- Unusual admin URL access patterns from non-admin IPs
SIEM Query:
web.url contains "admin" AND NOT web.status = 403 AND NOT auth.user.role = "admin"
🔗 References
- https://github.com/warmachine-57/CVE-2021-44582/blob/main/Privilege%20Escalation%20via%20Forced%20Browsing%20in%20Sourcecodester%20Money%20Transfer%20Management%20System
- https://www.sourcecodester.com/php/15015/money-transfer-management-system-send-money-businesses-php-free-source-code.html