Submission #735483: PHPGurukul News Portal Project in PHP and MySql 1.0 Improper Access Controls

Title: PHPGurukul News Portal Project in PHP and MySql 1.0 Improper Access Controls

Description: The admin panel of the PHPGurukul News Portal Project in PHP and MySql suffers from a broken access control vulnerability that allows a sub-admin user to perform admin-only actions. The endpoint `/news/admin/add-subadmins.php`, used to create new sub-admin accounts, is intended to be accessible only to users with administrator privileges. However, access control is enforced only at the UI level and not on the server side. A sub-admin can directly access the admin-only endpoint and create additional sub-admin accounts, resulting in horizontal and vertical privilege escalation.

Source: https://github.com/Asim-QAZi/BrokenAccessControl-News-Portal-Project-in-PHP-and-MySQL-in-PHPGurukul

User: moasim (UID 93970)

Submission: 2026-01-09 18:19 (5 months ago)

Moderation: 2026-01-18 08:36 (9 days later)

Status: Accepted

VulDB entry: 341733 [PHPGurukul News Portal 1.0 Add Sub-Admin Page /admin/add-subadmins.php privilege escalation]

Points: 20
