Tag Archives: owasp

BOLA in a Laravel Livewire app: when client-side state is the only thing standing between users and admin actions

Posted on November 26, 2025 by Ceecee Newman

A penetration test landed an interesting finding on a Livewire-powered admin panel I work on. The summary on the report read: Broken Object-Level Authorization (BOLA). A standard user can change a tenant-wide “who can access these assets” setting by replaying … Continue reading →

Posted in Laravel, php | Tagged authorization, bola, laravel, livewire, owasp, php, security | Leave a comment

Tag Archives: owasp

BOLA in a Laravel Livewire app: when client-side state is the only thing standing between users and admin actions

Archives

Meta

Categories