| Título | code-projects Smart Parking System In PHP With Source Code 1.0 Improper Access Controls |
|---|
| Descrição | The Smart Parking System 1.0 by code-projects.org fails to enforce authentication on multiple admin-only endpoints. An unauthenticated remote attacker can directly access these endpoints with no session cookie and perform privileged operations including creating attendant accounts, editing and deleting parking records, and viewing all customer PII and booking data.
No credentials, no session token, and no interaction from any legitimate user is required to exploit this vulnerability. |
|---|
| Fonte | ⚠️ https://github.com/Xmyronn/smart-parking-system-broken-access.git |
|---|
| Utilizador | imad alvi (UID 97088) |
|---|
| Submissão | 08/05/2026 23h20 (há 27 dias) |
|---|
| Moderação | 31/05/2026 12h12 (23 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 367521 [code-projects Smart Parking System 1.0 Admin Endpoint Autenticação fraca] |
|---|
| Pontos | 20 |
|---|