| Título | code-projects Online Movie Streaming 1.0 Improper Authentication |
|---|
| Descripción | A Missing Authorization vulnerability exists in the admin panel of code-projects Online Movie Streaming 1.0. The admin.php and admin-control.php scripts fail to perform any server-side permission checks. While the UI hides the admin link from non-administrative users, any unauthenticated attacker can bypass this by directly navigating to the admin page URLs. This allows for unauthorized access to administrative functions, such as adding or modifying movie content on the site. |
|---|
| Fuente | ⚠️ https://github.com/i-Corner/cve/issues/15 |
|---|
| Usuario | iC0rner (UID 82839) |
|---|
| Sumisión | 2025-07-30 09:29 (hace 11 meses) |
|---|
| Moderación | 2025-07-31 20:52 (1 day later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 318462 [code-projects Online Movie Streaming 1.0 /admin.php ID escalada de privilegios] |
|---|
| Puntos | 20 |
|---|