| Titolo | code-projects Online Movie Streaming 1.0 Improper Authentication |
|---|
| Descrizione | A Missing Authorization vulnerability exists in the admin panel of code-projects Online Movie Streaming 1.0. The admin.php and admin-control.php scripts fail to perform any server-side permission checks. While the UI hides the admin link from non-administrative users, any unauthenticated attacker can bypass this by directly navigating to the admin page URLs. This allows for unauthorized access to administrative functions, such as adding or modifying movie content on the site. |
|---|
| Fonte | ⚠️ https://github.com/i-Corner/cve/issues/15 |
|---|
| Utente | iC0rner (UID 82839) |
|---|
| Sottomissione | 30/07/2025 09:29 (11 mesi fa) |
|---|
| Moderazione | 31/07/2025 20:52 (1 day later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 318462 [code-projects Online Movie Streaming 1.0 /admin.php ID escalationi di privilegi] |
|---|
| Punti | 20 |
|---|