ScriptAndTools Online-Travling-System Broken Access Control Vulnerability in addadvertisement.php
Vulnerability
A critical vulnerability has been identified in ScriptAndTools Online-Travling-System version 1.0, specifically within the file /admin/addadvertisement.php. This vulnerability arises from improper access controls, allowing remote exploitation. The issue was publicly disclosed and is associated with several potential impacts, including unauthorized access, data breaches, and reputation damage.
Impact
Exploitation of this vulnerability gives unauthorized access to administrative features: anyone who can reach the page can add fraudulent advertisements without any login credentials. This lack of access control could lead to further malicious activities, such as malware distribution, web shell installation, and significant damage to the reputation of individuals or organizations using this template.
Reproduction
To reproduce this vulnerability, navigate to the /admin/addadvertisement.php file on the server. No login is required to access this page, which should only be available to authorized users. Once on the page, advertisements can be added without any verification, demonstrating the broken access control.
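One way to close the gap described above is a server-side guard that runs before anything else in every script under /admin/. This is an added example, not the project's own code; the file name auth_guard.php, the session keys admin_id and role, and the login path /admin/login.php are assumptions to be mapped to whatever the application's login script actually sets.

```php
<?php
// admin/auth_guard.php (hypothetical file name).
// Load it as the first statement of every admin script, for example at the
// top of addadvertisement.php:  require_once __DIR__ . '/auth_guard.php';

// Assumed session keys and login location; adjust to the real login script.
const SESSION_USER_KEY = 'admin_id';
const SESSION_ROLE_KEY = 'role';
const LOGIN_PAGE       = '/admin/login.php';

// True only when the session carries both an admin id and the admin role.
function is_admin_session(array $session): bool
{
    return isset($session[SESSION_USER_KEY], $session[SESSION_ROLE_KEY])
        && $session[SESSION_ROLE_KEY] === 'admin';
}

function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start([
            'cookie_httponly' => true,     // session cookie not readable from script
            'cookie_samesite' => 'Strict', // not sent on cross-site requests
            'use_strict_mode' => true,     // reject session ids the server did not issue
        ]);
    }

    if (is_admin_session($_SESSION)) {
        return;
    }

    // Fail closed. header() only queues the redirect; without exit the rest of
    // the page, including the code that stores the advertisement, still runs.
    header('Location: ' . LOGIN_PAGE, true, 302);
    exit;
}

// Runs on every request to the including script, so both the form (GET) and
// the submission handler (POST) are covered.
require_admin();
```

After deploying it, an unauthenticated request to /admin/addadvertisement.php should return the 302 redirect with an empty body and create no advertisement record.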
