There are two vulnerabilities of missing authorization

## 1 Vulnerability basic information

+ **Name of software:** Lost-And-Found
+ **Software Download:** https://github.com/AvinashAnand02/Lost-And-Found
+ **Affected version:** main
+ **Types of vulnerabilities:** Missing Authorization (CWE-862)
+ **Vulnerability description and hazards:** In Lost-And-Found, when participants attempt to access resources or perform operations, authorization checks are not conducted. This leads to unauthorized attackers being able to perform sensitive operations.
+ **Vulnerability contributor:** Qin Mai of VARAS@IIE

## 2 Vulnerability recurrence

You can directly send the following data packets to perform the corresponding sensitive operations without identity authentication.

### 2.1 classes/SystemSettings.php

<img width="1572" height="793" alt="Image" src="https://github.com/user-attachments/assets/a349ea97-20bc-469a-801a-96195d97f268" />

### 2.2 classes/Master.php

<img width="1566" height="787" alt="Image" src="https://github.com/user-attachments/assets/fca2685d-c353-40ee-ac83-79c6a0867e53" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There are two vulnerabilities of missing authorization #6

1 Vulnerability basic information

2 Vulnerability recurrence

2.1 classes/SystemSettings.php

2.2 classes/Master.php

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

There are two vulnerabilities of missing authorization #6

Description

1 Vulnerability basic information

2 Vulnerability recurrence

2.1 classes/SystemSettings.php

2.2 classes/Master.php

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions