Submission #485553: Needyamin Library-Card-System 1.0 Broken Access Control (info)

Title: Needyamin Library-Card-System 1.0 Broken Access Control
Description:
Title of the Vulnerability: Library-Card-System | Broken Access Control In admindashboard.php
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: Broken Access Control
Product Name: Library-Card-System
Vendor: Needyamin
Type: Library-Card-System
Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/
Vendor Link: https://github.com/needyamin/
Affected Components: /admindashboard.php
In Short: Broken Access Control Vulnerability Found By Maloy Roy Orko In The Admin Panel Of Library-Card-System 1.0 (Vendor: Needyamin). The Admin Panel (admindashboard.php) Can Be Logged Into By Anyone Without Entering Any Credentials As It Has No Proper Access Management & It Lets Us Log In Without Correct Credentials.
Suggested Description: Broken Access Control in "/admindashboard.php" in "Library-Card-System application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "to login into admin panel without entering credentials in admin.php as no validations are provided" via "admin/gallery.php".
Attack Vectors: To exploit the vulnerability, he has to go to /admindashboard.php. Thus, Attacker can gain access to Admin Panel without even login!
Detailed Blog: https://www.websecurityinsights.my.id/2025/01/library-card-system-admin-login-bypass.html?m=1
Source: https://www.websecurityinsights.my.id/2025/01/library-card-system-admin-login-bypass.html?m=1
User: MaloyRoyOrko (UID 79572)
Submitted: 2025-01-20 02:10 (1 year ago)
Moderation: 2025-01-29 16:38 (10 days later)
Status: Accepted
VulDB entry: 294000 [needyamin Library Card System 1.0 Admin Panel admindashboard.php email/password SQL injection]
Points: 20
