Incorrect Access Control Vulnerability in SourceCodester Computer Laboratory Management System
CVE-2024-54818

Currently unrated

Key Information:

Vendor: SourceCodester
Vendor: CVE Published:; 8 January 2025

Summary

The SourceCodester Computer Laboratory Management System version 1.0 is vulnerable to an incorrect access control issue, which can be exploited through the endpoint /php-lms/admin/?page=user/list. This vulnerability allows unauthorized users to gain access to restricted resources, potentially compromising sensitive information and system integrity. Proper checks should be implemented to restrict access to sensitive administrative functions.

References

https://github.com/CloseC4ll/vulnerability-research/tree/...

https://portswigger.net/web-security/access-control#how-t...

Timeline

Vulnerability published
Jan 8, 2025