Submeter #762795: SourceCodester Web-based-Pharmacy-Product-Management-System 1.0 Improper Access Controlsinformação

TítuloSourceCodester Web-based-Pharmacy-Product-Management-System 1.0 Improper Access Controls
DescriçãoThe application does not invalidate active sessions after account deletion. When an Super Admin deletes a Admin account, any previously authenticated session (PHPSESSID) associated with that account remains valid. Although new login attempts fail, the existing session continues to grant access to protected administrative pages until manual logout or session expiration. This results in a privilege revocation bypass and constitutes Improper Access Control.
Fonte⚠️ https://github.com/hiranerakkot/Web-based-Pharmacy-Product-Management-System/blob/main/README.md
Utilizador
 Hiran (UID 95719)
Submissão19/02/2026 12h16 (há 2 meses)
Moderação01/03/2026 07h44 (10 days later)
EstadoAceite
Entrada VulDB348296 [SourceCodester Web-based Pharmacy Product Management System 1.0 Autenticação fraca]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!