Code-Projects Online Movie Streaming Missing Authorization Vulnerability
Vulnerability
Code-Projects Online Movie Streaming version 1.0 contains a critical missing authorization vulnerability. The issue resides in the admin-control.php file, where manipulating the ID argument leads to unauthorized access. Because the administrative pages perform no authorization check, any user, including one who is not logged in, can reach administrative functions by navigating directly to the admin.php or admin-control.php URLs, and can then modify site content and disrupt normal operations.
Impact
Exploitation of this vulnerability gives unauthorized users access to administrative functions, which can lead to unauthorized modification of site content and disruption of normal system operations.
Reproduction
To reproduce this vulnerability, an unauthenticated user navigates to the admin.php or admin-control.php URL on a vulnerable site. Because no authorization check is performed, the administrative functions are accessible.
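The missing check, sketched as a shared guard that admin.php and admin-control.php would include before doing anything else. This is an added example, not code from Online Movie Streaming: the file name admin-guard.php, the session keys user_id and role, and the assumption that the ID argument arrives as the query parameter id are all hypothetical.

```php
<?php
// admin-guard.php (hypothetical file name): added example, not the project's code.
// Assumption: the login handler stores 'user_id' and 'role' in $_SESSION.
declare(strict_types=1);

// Deny the request unless the session belongs to a logged-in administrator.
// Must run before any output, database access or state change on the page.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }

    $isAdmin = isset($_SESSION['user_id'], $_SESSION['role'])
        && $_SESSION['role'] === 'admin';

    if (!$isAdmin) {
        // Fail closed: stop here so no administrative code below is reached.
        http_response_code(403);
        exit('Forbidden');
    }
}

// Read the record ID as a positive integer. This only rejects malformed
// values; it does not replace the authorization check above.
// Assumption: the ID is passed in the query string as 'id'.
function require_valid_id(string $name = 'id'): int
{
    $id = filter_input(INPUT_GET, $name, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);

    if ($id === null || $id === false) {
        http_response_code(400);
        exit('Bad request');
    }
    return $id;
}

// Usage, as the first lines of admin.php and admin-control.php:
//   require __DIR__ . '/admin-guard.php';
//   require_admin();              // authorization first
//   $id = require_valid_id();     // then validate the ID argument
```

With the guard in place, a request to either URL without an administrator session should return 403 instead of the admin page, which is also the check to run after patching.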
