| Title | Code-projects Online Hospital Management System V1.0 unauthorized access |
|---|---|
| Description | There is a critical unauthorized administrator privilege escalation vulnerability in the source code of this application. When registering a new account on the system, if an attacker enters the username of an existing system administrator in the username field of the registration form, and fills in any arbitrary password, the system will directly overwrite the original administrator account's password without performing any identity verification, permission check, or existence conflict judgment. After successfully completing the registration operation, the attacker can use the customized password and the administrator username to log in to the system smoothly, thereby illegally obtaining full administrator privileges without any authorization. This serious vulnerability allows unauthorized attackers to completely take over the administrator account, bypass all security access controls, and perform all sensitive operations reserved for system administrators. |
| Source | https://github.com/MyMySSS/CVE123/blob/main/cve2/cve2.md |
| User | MyMy (UID 96642) |
| Submission | 16/04/2026 05:42 PM (2 months ago) |
| Moderation | 01/05/2026 04:31 PM (15 days later) |
| Status | Accepted |
| VulDB entry | 360577 [code-projects Online Hospital Management System 1.0 Registration username privilege escalation] |
| Points | 20 |