| Título | code-projects Smart Parking System In PHP With Source Code 1.0 Improper Access Controls |
|---|
| Descripción | The Smart Parking System 1.0 by code-projects.org fails to enforce authentication on multiple admin-only endpoints. An unauthenticated remote attacker can directly access these endpoints with no session cookie and perform privileged operations including creating attendant accounts, editing and deleting parking records, and viewing all customer PII and booking data.
No credentials, no session token, and no interaction from any legitimate user is required to exploit this vulnerability. |
|---|
| Fuente | ⚠️ https://github.com/Xmyronn/smart-parking-system-broken-access.git |
|---|
| Usuario | imad alvi (UID 97088) |
|---|
| Sumisión | 2026-05-08 23:20 (hace 28 días) |
|---|
| Moderación | 2026-05-31 12:12 (23 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 367521 [code-projects Smart Parking System 1.0 Admin Endpoint autenticación débil] |
|---|
| Puntos | 20 |
|---|