Code-Projects Online Movie Streaming Missing Authorization Vulnerability
Vulnerability
A critical missing authorization vulnerability has been identified in Code-Projects Online Movie Streaming version 1.0. The issue resides in the admin.php and admin-control.php files, where the absence of proper authorization checks allows unauthorized users, including unauthenticated visitors, to access administrative functions remotely. This vulnerability could be exploited to manipulate the site's content, such as adding or modifying movies.
Impact
Exploitation of this vulnerability could give an attacker access to administrative functions and allow unauthorized modification of site content, such as movie listings.
Reproduction
To reproduce this vulnerability, an unauthenticated user can navigate directly to the admin.php or admin-control.php URLs. Because no authorization check is performed, the administrative functions are accessible, bypassing any user role restrictions.
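One way to close the gap is a deny-by-default guard that both admin.php and admin-control.php load before doing anything else. This is an added example, not code from the Code-Projects application: the file name require_admin.php, the session keys user_id and role, the role value admin and the login.php path are all assumptions about how the application tracks logins.

```php
<?php
declare(strict_types=1);

// require_admin.php (hypothetical file name). Added example, not project code.
// Load it as the first statement of admin.php and admin-control.php:
//     require __DIR__ . '/require_admin.php';

// Harden the session cookie before the session starts (array form: PHP 7.3+).
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,       // assumes the site is served over HTTPS
    'samesite' => 'Strict',
]);
session_start();

/**
 * Classify the request from its session data.
 * 'user_id' and 'role' are assumed keys set by the application's login handler.
 * Returns 'admin', 'user' (logged in, wrong role) or 'anonymous'.
 */
function session_principal(array $session): string
{
    if (!isset($session['user_id'])) {
        return 'anonymous';
    }
    return ($session['role'] ?? '') === 'admin' ? 'admin' : 'user';
}

switch (session_principal($_SESSION)) {
    case 'admin':
        break;                // authorized: the including admin page continues
    case 'user':
        // Authenticated but not an administrator: refuse outright.
        http_response_code(403);
        header('Content-Type: text/plain; charset=utf-8');
        exit('Forbidden');
    default:
        // Unauthenticated visitor: send to the login page (assumed path).
        header('Location: login.php', true, 302);
        exit;                 // exit so no admin code runs after the redirect
}
```

The `exit` after each denial matters: a redirect header alone does not stop PHP from executing the rest of the admin page.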
