제출 #845099: jairiidriss restaurant-website-php-mysql 1.0 jairiidriss Restaurant Website PHP MySQL 1.0 missing authenticat정보

제목jairiidriss restaurant-website-php-mysql 1.0 jairiidriss Restaurant Website PHP MySQL 1.0 missing authenticat
설명Restaurant Website PHP MySQL v1.0 contains a missing authentication vulnerability in multiple administrative AJAX endpoints under /admin/ajax_files/. The affected files perform sensitive administrative actions such as deleting menus, modifying order states, managing menu categories, and uploading gallery images without validating administrator sessions. While the main administrative pages correctly enforce session-based authentication, the corresponding AJAX handlers contain no authentication or authorization checks and directly process attacker-controlled POST requests. A remote unauthenticated attacker can directly invoke these endpoints to perform unauthorized administrative operations.
원천⚠️ https://github.com/jairiidriss/restaurant-website-php-mysql/issues/6
사용자
 Fklov (UID 98102)
제출2026. 06. 01. PM 07:07 (1 월 ago)
모더레이션2026. 07. 03. PM 06:55 (1 month later)
상태수락
VulDB 항목376138 [jairiidriss restaurant-website-php-mysql 까지 521428b5b612449df0cf4a5d15ee40cba67f3d35 AJAX Endpoint /admin/ajax_files 약한 인증]
포인트들20

Do you want to use VulDB in your project?

Use the official API to access entries easily!