| A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Project Name | DMoney - Digital Financial Services | Environment | Production | Summary | ||||||||||||||||||||||
2 | Tester's Name | MD Hasan | Reviewed By | Bug | 11 | ||||||||||||||||||||||
3 | Date Tested | 28.11.2025 | Version | v1.1 | Improvement | 6 | |||||||||||||||||||||
4 | Issue ID | Module | Issue Title | Description | Steps to Reproduce | Issue Type | Priority | Severity | Actual Result | Expected Result | Attachment | ||||||||||||||||
5 | DMR1 | Dashboard | Broken Access Control (Admin Properties) | Users with other roles can view admin properties simply by accessing the URLs directly, which indicates a broken access control vulnerability. | 1. Log in as Agent/Merchant/Customer to the Dmoney website. 2. Go to >https://dmoneyportal.roadtocareer.net/admin/users >https://dmoneyportal.roadtocareer.net/admin/transactions >https://dmoneyportal.roadtocareer.net/admin/users/create | Bug | High | Critical | Admin properties can be easily accessed. | A '403 Forbidden' error should be displayed. | Screenshot | ||||||||||||||||
6 | DMR2 | Dashboard | IDOR on User Dashboard | Changing the ID value in the URL (e.g., from 99000 to another user ID, 99001) allows Agent/Merchant/Customer users to view other users' profile information. | 1. Log in as Agent/Merchant/Customer to the Dmoney website. 2. Go to https://dmoneyportal.roadtocareer.net/admin/users/99000 or enter any {{ID}} | Bug | High | Critical | All profile information is displayed. | A '403 Forbidden' error should be displayed. | Screenshot | ||||||||||||||||
7 | DMR3 | Dashboard | Dashboard Section Missing | When logging into the Dmoney portal, there is no dedicated dashboard section for any user. | 1. Log in as any user to the Dmoney website. | Improvement | Medium | Major | After login, there is no dedicated Dashboard section available for any user. The system redirects to the profile page. | After logging into the Dmoney portal, every user should be presented with a dedicated Dashboard section that provides an overview of key information such as account balance, recent transactions, quick actions and navigation to other features. | Screenshot | ||||||||||||||||
8 | DMR4 | Profile | Agent/Merchant/Customer Cannot Edit their Profile | Agent/Merchant/Customer users are unable to update their own profile information. | 1. Login As Agent/Merchant/Customer to The Dmoney Website. 2. Click on Nav bar profile. 3. Edit 4. Save | Improvement | Low | Minor | Upon clicking 'Save', the error message "Only Admin can update users" is displayed, followed by a redirect to the login page. | The user's profile should be updated successfully. | Screenshot | ||||||||||||||||
9 | DMR5 | Profile | Agent/Merchant/Customer Cannot Change Password | Agent/Merchant/Customer users are prevented from changing their password due to a lack of permission. | 1. Login As Agent/Merchant/Customer to The Dmoney Website. 2. Click 'Change Password' on Nav bar. 3. Edit 4. Save | Bug | High | Major | Upon clicking 'Save', the error message "Only Admin can update users" is displayed, followed by a redirect to the login page. | The user's password should be updated successfully. | Screenshot | ||||||||||||||||
10 | DMR6 | Profile | Profile Photo 404 Error | The profile photo for every user is not displaying, resulting in a 404 error for the default photo resource. | 1. Log in as Agent/Merchant/Customer to the Dmoney website. 2. Open the DevTools console. 3. Reload the page. | Improvement | Low | Minor | There is no option to upload a profile photo, and an error is displayed in the console. | The profile photo should be displayed in the navigation bar's profile section. | Screenshot | ||||||||||||||||
11 | DMR7 | Create User | Name Field Input Validation Missing | The Name field accepts any type of character (including special characters and malicious code), posing a potential security risk (malicious code injection) during account creation. | 1. Log in as Admin to the Dmoney website. 2. Go to 'Create User'. 3. Add null!@#$% to the Name field. 4. Save | Bug | Medium | Minor | The field accepts any type of character. | The system should reject numbers and special characters. | Screenshot | ||||||||||||||||
12 | DMR8 | Create User | Weak Password Policy | The system accepts weak passwords, such as simple 4-character combinations (e.g. 1234), indicating a lack of strong password policy enforcement. | 1. Log in as Admin to the Dmoney website. 2. Go to 'Create User'. 3. Input 1111 in the password field. 4. Save | Improvement | Medium | Major | The field accepts any weak 4-character combination. | The system should suggest creating a strong password (minimum 8 characters, including uppercase, lowercase, numbers, and special characters). | Screenshot | ||||||||||||||||
13 | DMR9 | Create User | Phone Field Accepts Invalid Characters | The Phone number field accepts letters and special characters, posing a security risk (malicious code injection) during account creation. | 1. Login As Admin to The Dmoney Website. 2. Go to 'Create User' 3. add 017acbr!@#$ to Phone field 4. Save | Bug | Medium | Minor | The field accepts special characters and letters. | The system should reject numbers and special characters. | Screenshot | ||||||||||||||||
14 | DMR10 | Create User | NID Field Accepts Invalid Characters | The NID field accepts letters and special characters, posing a security risk (malicious code injection) during account creation. | 1. Login As Admin to The Dmoney Website. 2. Go to 'Create User' 3. add 1fdfdf!@#$% to NID field 4. Save | Bug | Medium | Minor | The field accepts special characters and letters. | The system should reject numbers and special characters. | Screenshot | ||||||||||||||||
15 | DMR11 | Create User | NID number must be unique | Every NID number should be unique when creating a new user account. | 1. Log in as Admin to the Dmoney website. 2. Go to 'Create User'. 3. Add info for User1. 4. Add '12345678' to the NID field. 5. Save 6. Go to 'Create User' again. 7. Add info for User2. 8. Add User1's NID number '12345678' to the NID field. 9. Save | Bug | Medium | Major | The system accepts the same NID number when User2 is created. | The system should show a message "Enter Valid NID number, NID is already in use." | Screenshot | ||||||||||||||||
16 | DMR12 | Send Money | User-unfriendly Warning Message | Entering invalid data into input fields triggers a complex warning message that is difficult for a typical user to understand. | 1. Log in as Customer to the Dmoney website. 2. Go to 'Send Money'. 3. Add any invalid input (0) in the Amount field. | Improvement | Low | Low | The message "Value must be greater than or equal to 1" is displayed. | The message should be: "Does not accept negative or 0 Number." | Screenshot | ||||||||||||||||
17 | DMR13 | Send Money | Incorrect Account Type Display: Merchant as Agent | When money is sent to a Merchant account, the system incorrectly identifies the recipient account as an Agent account. | 1. Log in as Customer to the Dmoney website. 2. Go to 'Send Money'. 3. Add any Merchant account. 4. Click on 'Send Money'. | Bug | Low | Minor | The message "From/To account should not be an agent account" is displayed. | The system should display the message "From/To account should not be a Merchant account". | Screenshot | ||||||||||||||||
18 | DMR14 | Cash In | Agent Cash In Fails with 'Limit Exceeded' Error | Agents are unable to complete Cash In transactions to any customer account, as the system consistently returns a "Limit exceeded" message. | 1. Log in as Agent to the Dmoney website. 2. Go to 'Cash In'. 3. Add any Customer account. 4. Click on 'Cash in'. | Bug | High | Critical | The message "Limit exceeded. You cannot deposit any more to this account" is displayed every time. | The system should display what to do as the next step, or auto-reset after completing its cycle. | Screenshot | ||||||||||||||||
19 | DMR15 | Self Statement | Hidden Transaction Charge in Self-Statement | The transaction charge deduction is not visible to Agent/Merchant/Customer users in the self-statement table. | 1. Log in as Agent/Merchant/Customer to the Dmoney website. 2. Transfer any amount of money. 3. Observe the Self-Statement table. | Improvement | Medium | Major | There is no column to view the transaction charge. | All transaction charges should be displayed in a dedicated column in the Self-Statement section. | Screenshot | ||||||||||||||||
20 | DMR16 | Self Statement | 'Deposit Commission' Information Missing on System/Agent End | After a deposit or cash-in transaction from an agent to any customer account, the system does not display deposit commission details in the Self-Statement section and does not add the commission amount to the main account balance. | 1. Log in as Agent to the Dmoney website. 2. Cash In 100 to a customer account. 3. Observe the Self-Statement transaction history. | Bug | High | Major | The system does not show any of the agent's info in the Self-Statement and does not add the commission to the main balance. | The commission amount should be added to the agent/system's main balance, and commission details should appear in the Self-Statement column. | Screenshot | ||||||||||||||||
21 | DMR17 | Log In | Redirect to login page if session is expired | User session ends when the browser is closed or the tab is inactive. When the D-Money website is re-opened, the previous session shows no information. To access content, the user must log out and log back in. | 1. Open the D-Money website where an account is already logged in. 2. Refresh the page. | Bug | High | Major | The page stays blank and shows no data; only the 'logout' function works. | When the session ends, the page should automatically redirect the user to the login page. | Screenshot | ||||||||||||||||