ATTACK CHAINS
Attack Chains
Multi-step attack paths modeled from validated findings
AC-001CriticalExploitable
Admin Account Takeover
9.8
CVSS
SQLi on /api/v1/login
Extract session token
Escalate to admin
Full system access
AC-002HighValidated
Lateral Movement via IDOR
7.5
CVSS
IDOR on /api/v1/users/{id}
Enumerate user base
Access PII data