Submit #845099: jairiidriss restaurant-website-php-mysql 1.0 jairiidriss Restaurant Website PHP MySQL 1.0 missing authenticat

Title: jairiidriss restaurant-website-php-mysql 1.0 jairiidriss Restaurant Website PHP MySQL 1.0 missing authenticat
Description: Restaurant Website PHP MySQL v1.0 contains a missing authentication vulnerability in multiple administrative AJAX endpoints under /admin/ajax_files/. The affected files perform sensitive administrative actions such as deleting menus, modifying order states, managing menu categories, and uploading gallery images without validating administrator sessions. While the main administrative pages correctly enforce session-based authentication, the corresponding AJAX handlers contain no authentication or authorization checks and directly process attacker-controlled POST requests. A remote unauthenticated attacker can directly invoke these endpoints to perform unauthorized administrative operations.
Source: https://github.com/jairiidriss/restaurant-website-php-mysql/issues/6
User: Fklov (UID 98102)
Submission: 01/06/2026 19:07 (1 month ago)
Moderation: 03/07/2026 18:55 (1 month later)
Status: Accepted
VulDB entry: 376138 [jairiidriss restaurant-website-php-mysql AJAX Endpoint /admin/ajax_files weak authentication]
Points: 20
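
The description's pattern (guarded pages, unguarded AJAX handlers) can be audited statically. The script below is an added example, not code from the project or from the submission: it flags PHP files that read request input but never touch `$_SESSION` or include a guard file. The sample sources, the session key `admin_logged_in` and the include-name pattern are constructed assumptions.

```python
import re
from pathlib import Path

# Constructed sample sources (not taken from the project).
SAMPLES = {
    "guarded.php": """<?php
session_start();
if (empty($_SESSION['admin_logged_in'])) { http_response_code(401); exit; }
$id = (int) $_POST['id'];
""",
    "unguarded.php": """<?php
include '../connect.php';
// TODO: check $_SESSION here
$id = $_POST['id'];
""",
    "helper.php": "<?php function h($s) { return htmlspecialchars($s); }\n",
}

READS_INPUT = re.compile(r"\$_(POST|GET|REQUEST|FILES)\b")
# Heuristic guard marker: the file reads $_SESSION, or includes a file whose
# name suggests an auth check (name pattern is an assumption; adjust it).
# A match is not proof the check is correct, only that one is present.
HAS_GUARD = re.compile(
    r"\$_SESSION\b|(require|include)(_once)?\s*\(?\s*['\"][^'\"]*"
    r"(auth|guard|session)[^'\"]*['\"]",
    re.IGNORECASE,
)
# Strip comments so a guard mentioned only in a comment does not count.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)


def is_unguarded(source: str) -> bool:
    """True if the file consumes request input with no session guard marker."""
    code = COMMENTS.sub("", source)
    return bool(READS_INPUT.search(code)) and not HAS_GUARD.search(code)


def audit_sources(sources: dict) -> list:
    """Return the sorted names of files that need manual review."""
    return sorted(name for name, src in sources.items() if is_unguarded(src))


def audit_dir(root: str) -> list:
    """Run the same check over every .php file under a directory."""
    files = {str(p): p.read_text(errors="replace") for p in Path(root).rglob("*.php")}
    return audit_sources(files)


if __name__ == "__main__":
    print(audit_sources(SAMPLES))
```

Run `audit_dir()` against a checkout's handler directory and review each reported file by hand; the comment stripping is regex-based, so string literals containing `//` or `#` can hide code from the check.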
