| Title | https://code-projects.org/ Blog Site In PHP With Source Code 1.0 Unauthorized |
|---|---|
| Description | The admin.php file serves as the central administration panel for the blog system, typically used for publishing, editing, and deleting posts, managing comments, and configuring system settings.<br>The root cause of this vulnerability is the lack of proper authentication and authorization checks within the admin.php file. An attacker can directly access this file via its URL, such as http://[site]/admin.php, without the system verifying if the requesting user is logged in or possesses administrative privileges.<br>This can lead to the following consequences:<br>An unauthorized user can directly view the administrative dashboard.<br>An unauthorized user can call administrative functions defined within admin.php or its included files (e.g., via crafted HTTP GET/POST requests), potentially leading to data leakage, system configuration changes, or content compromise. |
| Source | ⚠️ https://github.com/Yohane-Mashiro/cve/blob/main/Unauthorized.md |
| User | Yohane-Mashiro (UID 92825) |
| Submission | 20/11/2025 05:25 PM (5 months ago) |
| Moderation | 23/11/2025 08:54 AM (3 days later) |
| Status | Accepted |
| VulDB Entry | 333340 [code-projects Blog Site 1.0 /admin.php privilege escalation] |
| Points | 20 |