| タイトル | code-projects Online Movie Streaming 1.0 Improper Authentication |
|---|
| 説明 | A Missing Authorization vulnerability exists in the admin panel of code-projects Online Movie Streaming 1.0. The admin.php and admin-control.php scripts fail to perform any server-side permission checks. While the UI hides the admin link from non-administrative users, any unauthenticated attacker can bypass this by directly navigating to the admin page URLs. This allows for unauthorized access to administrative functions, such as adding or modifying movie content on the site. |
|---|
| ソース | ⚠️ https://github.com/i-Corner/cve/issues/15 |
|---|
| ユーザー | iC0rner (UID 82839) |
|---|
| 送信 | 2025年07月30日 09:29 (11 月 ago) |
|---|
| モデレーション | 2025年07月31日 20:52 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 318462 [code-projects Online Movie Streaming 1.0 /admin.php 識別子 特権昇格] |
|---|
| ポイント | 20 |
|---|