| 标题 | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Broken Access Control |
|---|
| 描述 | A Missing Authorization vulnerability exists in SourceCodester Ship/Ferry Ticket Reservation System 1.0 due to improper authorization enforcement on privileged administrative endpoints. The application fails to perform proper server-side authorization validation, allowing an authenticated low-privileged user to access administrative functionality without possessing administrator permissions.
During authenticated security testing, it was observed that a normal/staff user account could directly access multiple restricted administrative modules by manually browsing privileged endpoints. The application did not verify whether the authenticated user had sufficient privileges before granting access to sensitive administrative resources.
Successful exploitation of this vulnerability allows unauthorized access to privileged administrative functionality, including vessel management, port management, accommodation management, reservation management, and administrative reporting modules. This issue may result in privilege escalation, unauthorized viewing of sensitive operational information, and unauthorized manipulation of application resources, compromising the overall security and integrity of the application. |
|---|
| 来源 | ⚠️ https://medium.com/@hemantrajbhati5555/missing-authorization-in-sourcecodester-ship-ferry-ticket-reservation-system-leads-to-unauthorized-7783134d6596 |
|---|
| 用户 | Hemant Raj Bhati (UID 95613) |
|---|
| 提交 | 2026-05-17 10時35分 (20 日前) |
|---|
| 管理 | 2026-06-04 17時37分 (18 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 368366 [SourceCodester Ship Ferry Ticket Reservation System 1.0 /admin/ page 权限提升] |
|---|
| 积分 | 20 |
|---|