| Title | Needyamin Library-Card-System 1.0 Broken Access Control |
|---|
| Description | Title of the Vulnerability: Library-Card-System | Broken Access Control In admindashboard.php
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: Broken Access Control
Product Name: Library-Card-System
Vendor: Needyamin
Type: Library-Card-System
Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/
Vendor Link: https://github.com/needyamin/
Affected Components: /admindashboard.php
In Short:
Broken Access Control Vulnerability Found By Maloy Roy Orko In The Admin Panel Of Library-Card-System 1.0 (Vendor: Needyamin). The Admin Panel (admindashboard.php) Can Be Logged Into By Anyone Without Entering Any Credentials As It Has No Proper Access Management & It Lets Us Log In Without Correct Credentials.
Suggested Description:
Broken Access Control in "/admindashboard.php" in "Library-Card-System application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "to login into admin panel without entering credentials in admin.php as no validations are provided" via "admin/gallery.php".
Attack Vectors:
To exploit the vulnerability, he has to go to /admindashboard.php. Thus, the attacker can gain access to the Admin Panel without even logging in!
Detailed Blog:
https://www.websecurityinsights.my.id/2025/01/library-card-system-admin-login-bypass.html?m=1
|
|---|
| Source | ⚠️ https://www.websecurityinsights.my.id/2025/01/library-card-system-admin-login-bypass.html?m=1 |
|---|
| User | MaloyRoyOrko (UID 79572) |
|---|
| Submission | 2025. 01. 20. AM 02:10 (1 year ago) |
|---|
| Moderation | 2025. 01. 29. PM 04:38 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 294000 [needyamin Library Card System 1.0 Admin Panel admindashboard.php email/password SQL injection] |
|---|
| Points | 20 |
|---|