| タイトル | code-projects Smart Parking System In PHP With Source Code 1.0 Improper Access Controls |
|---|
| 説明 | The Smart Parking System 1.0 by code-projects.org fails to enforce authentication on multiple admin-only endpoints. An unauthenticated remote attacker can directly access these endpoints with no session cookie and perform privileged operations including creating attendant accounts, editing and deleting parking records, and viewing all customer PII and booking data.
No credentials, no session token, and no interaction from any legitimate user is required to exploit this vulnerability. |
|---|
| ソース | ⚠️ https://github.com/Xmyronn/smart-parking-system-broken-access.git |
|---|
| ユーザー | imad alvi (UID 97088) |
|---|
| 送信 | 2026年05月08日 23:20 (27 日 ago) |
|---|
| モデレーション | 2026年05月31日 12:12 (23 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 367521 [code-projects Smart Parking System 1.0 Admin Endpoint 弱い認証] |
|---|
| ポイント | 20 |
|---|