Online Boat Reservation System
Improper authorization across multiple administrative endpoints in SourceCodester Online Boat Reservation System 1.0 allows remote authenticated attackers with low-privilege accounts to bypass access controls and interact with admin-only functionality. The vulnerability, classified as broken access control (CWE-285), enables unauthorized reads, writes, and limited availability impact on restricted resources. A publicly available proof-of-concept exploit has been disclosed on Medium, and no public exploit identified at the time of analysis meets the CISA KEV threshold; however, the existence of a walkthrough PoC materially lowers the barrier to exploitation.
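The defect class described above (CWE-285) is an endpoint that confirms the caller is logged in but never confirms the caller's role. The following is an added illustration, not code from the advisory or from the SourceCodester project: a deny-by-default authorization layer that maps each endpoint to a minimum role, shown beside the authentication-only pattern that leaves admin handlers reachable by any account. The application's real language, endpoint paths and role names are not stated on the page, so the Python, the `/admin/...` paths and the `customer`/`staff`/`admin` roles here are constructed assumptions.

```python
"""Added example (not from the advisory or the SourceCodester project):
deny-by-default authorization for admin-only endpoints (CWE-285 mitigation).
All endpoint paths and role names below are constructed for illustration."""

from dataclasses import dataclass

# Constructed role hierarchy; "customer" stands in for a low-privilege account.
ROLE_RANK = {"customer": 1, "staff": 2, "admin": 3}

# Minimum role for every endpoint the application exposes. An endpoint that is
# not listed is denied outright, so a forgotten entry fails closed rather than open.
ENDPOINT_MIN_ROLE = {
    "/index.php": "customer",
    "/reserve.php": "customer",
    "/admin/boats.php": "admin",
    "/admin/users.php": "admin",
    "/admin/delete_reservation.php": "admin",
}


@dataclass
class Session:
    user_id: int
    role: str
    authenticated: bool = True


def is_authorized(session, endpoint):
    """True only if the session is authenticated and holds at least the
    role the endpoint requires; unknown endpoints are always denied."""
    if session is None or not session.authenticated:
        return False
    required = ENDPOINT_MIN_ROLE.get(endpoint)
    if required is None:
        return False  # fail closed on unmapped endpoints
    return ROLE_RANK.get(session.role, 0) >= ROLE_RANK[required]


def handle_vulnerable(session, endpoint):
    """The pattern behind the advisory: only authentication is checked, so any
    logged-in account reaches admin-only handlers. Returns an HTTP status."""
    if session is None or not session.authenticated:
        return 302  # redirect to login
    return 200  # handler runs regardless of role


def handle_fixed(session, endpoint):
    """Same dispatch with a per-endpoint authorization check before the handler."""
    if session is None or not session.authenticated:
        return 302
    if not is_authorized(session, endpoint):
        return 403
    return 200


def audit_admin_prefix(prefix="/admin/"):
    """Configuration check: every endpoint under the admin prefix must require
    the admin role. Returns the list of misconfigured endpoints (empty is good)."""
    return [
        path for path, role in ENDPOINT_MIN_ROLE.items()
        if path.startswith(prefix) and role != "admin"
    ]


def demo():
    low = Session(user_id=7, role="customer")
    admin = Session(user_id=1, role="admin")
    return {
        "vulnerable_low_on_admin": handle_vulnerable(low, "/admin/users.php"),
        "fixed_low_on_admin": handle_fixed(low, "/admin/users.php"),
        "fixed_admin_on_admin": handle_fixed(admin, "/admin/users.php"),
        "fixed_low_on_public": handle_fixed(low, "/reserve.php"),
        "fixed_unmapped_endpoint": handle_fixed(admin, "/admin/unlisted.php"),
        "fixed_anonymous": handle_fixed(None, "/index.php"),
        "admin_prefix_misconfigured": audit_admin_prefix(),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The design point is that the role check lives in one table consulted on every request rather than in each handler, which is where per-file checks tend to be forgotten; `audit_admin_prefix` is the kind of one-line regression check a reviewer can run to catch an admin endpoint that was added to the table with the wrong role.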