| عنوان | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Broken Access Control |
|---|
| الوصف | A Missing Authorization vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper authorization enforcement on privileged administrative endpoints. The application fails to perform proper server-side authorization validation, allowing an authenticated low-privileged user to access administrative functionality without possessing administrator permissions.
During authenticated security testing, it was observed that a normal/staff user account could directly access multiple restricted administrative modules by manually browsing privileged endpoints. The application did not verify whether the authenticated user had sufficient privileges before granting access to sensitive administrative resources.
Successful exploitation of this vulnerability allows unauthorized access to privileged administrative functionality, including vessel management, port management, accommodation management, reservation management, and administrative reporting modules. This issue may result in privilege escalation, unauthorized viewing of sensitive operational information, and unauthorized manipulation of application resources, compromising the overall security and integrity of the application. |
|---|
| المصدر | ⚠️ https://medium.com/@hemantrajbhati5555/missing-authorization-in-sourcecodester-ship-ferry-ticket-reservation-system-leads-to-unauthorized-7783134d6596 |
|---|
| المستخدم | Hemant Raj Bhati (UID 95613) |
|---|
| ارسال | 17/05/2026 10:35 AM (20 أيام منذ) |
|---|
| الاعتدال | 04/06/2026 05:37 PM (18 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 368366 [SourceCodester Ship Ferry Ticket Reservation System 1.0 /admin/ page تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|