Core PHP Admin Panel Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in Core PHP Admin Panel, specifically in the file 'includes/auth_validate.php' prior to commit 'a94a780d6'. The issue arises because the application redirects unauthenticated users to 'login.php' without terminating the script. This flaw enables remote, unauthenticated attackers to access protected pages, including the customer database.

Impact

Exploitation of this vulnerability allows remote, unauthenticated access to protected pages and the customer database.

Added: Feb 3, 2026, 6:28 PM

Updated: Feb 3, 2026, 6:28 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.1

remediation

0.0

relevance

2.7

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.1

remediation

0.0

relevance

2.7

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Core PHP Admin Panel Authentication Bypass Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating