| タイトル | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Broken Access Control |
|---|
| 説明 | A Missing Authorization vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper authorization enforcement on privileged administrative endpoints. The application fails to perform proper server-side authorization validation, allowing an authenticated low-privileged user to access administrative functionality without possessing administrator permissions.
During authenticated security testing, it was observed that a normal/staff user account could directly access multiple restricted administrative modules by manually browsing privileged endpoints. The application did not verify whether the authenticated user had sufficient privileges before granting access to sensitive administrative resources.
Successful exploitation of this vulnerability allows unauthorized access to privileged administrative functionality, including vessel management, port management, accommodation management, reservation management, and administrative reporting modules. This issue may result in privilege escalation, unauthorized viewing of sensitive operational information, and unauthorized manipulation of application resources, compromising the overall security and integrity of the application. |
|---|
| ソース | ⚠️ https://medium.com/@hemantrajbhati5555/missing-authorization-in-sourcecodester-ship-ferry-ticket-reservation-system-leads-to-unauthorized-7783134d6596 |
|---|
| ユーザー | Hemant Raj Bhati (UID 95613) |
|---|
| 送信 | 2026年05月17日 10:35 (20 日 ago) |
|---|
| モデレーション | 2026年06月04日 17:37 (18 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 368366 [SourceCodester Ship Ferry Ticket Reservation System 1.0 /admin/ page 特権昇格] |
|---|
| ポイント | 20 |
|---|