:::: Insecure Access Control ::::

Step 1 : Login to the application with non admin privilege.

Step 2 : Access user list with hprms/admin/?page=user/list and edit the privilege of any user or create new user with all privilege.

Step 3 : Now we have admin privilege.