| 제목 | SourceCodester Web-based-Pharmacy-Product-Management-System 1.0 Improper Access Controls |
|---|
| 설명 | The application does not invalidate active sessions after account deletion.
When an Super Admin deletes a Admin account, any previously authenticated session (PHPSESSID) associated with that account remains valid.
Although new login attempts fail, the existing session continues to grant access to protected administrative pages until manual logout or session expiration.
This results in a privilege revocation bypass and constitutes Improper Access Control.
|
|---|
| 원천 | ⚠️ https://github.com/hiranerakkot/Web-based-Pharmacy-Product-Management-System/blob/main/README.md |
|---|
| 사용자 | Hiran (UID 95719) |
|---|
| 제출 | 2026. 02. 19. PM 12:16 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 03. 01. AM 07:44 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 348296 [SourceCodester Web-based Pharmacy Product Management System 1.0 약한 인증] |
|---|
| 포인트들 | 20 |
|---|