ScriptAndTools Online-Travling-System Access Control Vulnerability in viewenquiry.php
Vulnerability
A critical vulnerability has been identified in ScriptAndTools Online-Travling-System version 1.0, specifically within the file /admin/viewenquiry.php. It arises from improper access controls and can be exploited remotely without authentication. The issue has been publicly disclosed, and a proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability could lead to unauthorized access to administrative features, allowing attackers to view customer inquiries and personal information such as emails and phone numbers. This lack of access control could also facilitate further malicious activities, such as distributing malware, installing web shells, or causing reputational damage to affected individuals or organizations.
Reproduction
To reproduce this vulnerability, access the /admin/viewenquiry.php file directly without logging in. The absence of access controls will allow viewing of all customer inquiries and associated personal information.
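One way to close the gap described above is a guard that runs as the first statement of every script under /admin/, including viewenquiry.php. This is an added example, not code from the project or from the advisory; the file name auth_guard.php, the session keys admin_id, role and last_seen, the 15-minute idle limit and the login.php redirect target are all assumptions.

```php
<?php
// admin/auth_guard.php (hypothetical file name; added example, not project code).
// Use: require_once __DIR__ . '/auth_guard.php'; as the first line of each admin script.
declare(strict_types=1);

// Pure check so it can be unit-tested without a live session.
// Session keys are assumed to be set by the login handler after a successful login.
function admin_session_is_valid(array $session, int $now, int $idleLimit = 900): bool
{
    if (empty($session['admin_id']) || ($session['role'] ?? '') !== 'admin') {
        return false; // no authenticated admin bound to this session
    }
    $lastSeen = (int) ($session['last_seen'] ?? 0);
    return ($now - $lastSeen) <= $idleLimit; // reject idle or never-stamped sessions
}

function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params([
            'httponly' => true,     // not readable from page scripts
            'secure'   => true,     // requires the site to be served over HTTPS
            'samesite' => 'Strict',
        ]);
        session_start();
    }

    if (!admin_session_is_valid($_SESSION, time())) {
        $_SESSION = [];
        session_destroy();
        header('Location: login.php', true, 302); // assumed login page
        exit; // without exit the protected page would still be rendered and sent
    }

    $_SESSION['last_seen'] = time(); // sliding idle timeout
}

require_admin();
```

Because the check fails closed on a missing or stale session, a direct request to an admin script that includes the guard is redirected before any enquiry data is queried or printed.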
