| Titre | SourceCodester Web-based-Pharmacy-Product-Management-System 1.0 Improper Access Controls |
|---|
| Description | The application does not invalidate active sessions after account deletion.
When an Super Admin deletes a Admin account, any previously authenticated session (PHPSESSID) associated with that account remains valid.
Although new login attempts fail, the existing session continues to grant access to protected administrative pages until manual logout or session expiration.
This results in a privilege revocation bypass and constitutes Improper Access Control.
|
|---|
| La source | ⚠️ https://github.com/hiranerakkot/Web-based-Pharmacy-Product-Management-System/blob/main/README.md |
|---|
| Utilisateur | Hiran (UID 95719) |
|---|
| Soumission | 19/02/2026 12:16 (il y a 2 mois) |
|---|
| Modérer | 01/03/2026 07:44 (10 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 348296 [SourceCodester Web-based Pharmacy Product Management System 1.0 authentification faible] |
|---|
| Points | 20 |
|---|