code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations.
The vulnerability results from improper access control (CWE-284) and insufficient identity verification (CWE-287). A logged-in user with low privileges can forge session data so that the system treats them as a high-privilege user. After successfully bypassing the authorization mechanism, the attacker gains the ability to perform operations reserved for administrators.
An attacker with access to a low-privilege account can gain full control over the application by executing arbitrary sensitive administrative operations — which may lead to breaches of confidentiality, integrity, and availability of the system (CVSS C:H/I:H/A:H).
Patches available from the vendor should be applied in accordance with the references. As a temporary measure, it is recommended to restrict access to the application to trusted users only and implement additional server-side privilege validation.
Code-Projects Simple Car Rental System version 1.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HCode Projects Simple Car Rental System
APPCode-Projects1.0
Related vulnerabilities
A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerabi...
A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This a...
A vulnerability, which was classified as problematic, has been found in code-projects Simple Car Rental System...
SQL Injection w Code-Projects Budget Management via parametr delete
Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP