Key Vulnerability Information

Title: SourceCodester Web-based-Pharmacy-Product-Management-System 1.0 Improper Access Controls

Description:
- The application does not invalidate active sessions after account deletion.
- When a Super Admin deletes an Admin account, any previously authenticated session (PHPSESSID) associated with that account remains valid, allowing access until manual logout or session expiration.
- This results in a privilege revocation bypass and constitutes Improper Access Control.

Source: https://github.com/hiranerakkot/Web-based-Pharmacy-Product-Management-System/blob/main/README.md
User: Hiran (UID 95719)
Submission Date: 02/19/2026 12:16 PM
Moderation Date: 03/01/2026 07:44 AM
Status: Accepted
VulDB Entry: 348296
Points: 20
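
One way to close the gap described above, shown as an added example and not the project's own code: the session check re-validates the account on every request, and account deletion also removes that account's server-side session records. The `admins` and `admin_sessions` tables, their columns and all function names are hypothetical, and an in-memory SQLite database stands in for the application's database.

```php
<?php
declare(strict_types=1);
// Added example. Table, column and function names are hypothetical;
// an in-memory SQLite database stands in for the application's database.

// Weak check (the behaviour the description reports): trusts the session alone,
// so a deleted admin's PHPSESSID keeps working until logout or expiry.
function isAuthenticatedWeak(array $session): bool
{
    return isset($session['admin_id']);
}

// Hardened check: the session is honoured only while the account still exists.
function isAuthenticated(PDO $db, array &$session): bool
{
    if (!isset($session['admin_id'])) {
        return false;
    }
    $stmt = $db->prepare('SELECT 1 FROM admins WHERE id = ?');
    $stmt->execute([$session['admin_id']]);
    if ($stmt->fetchColumn() === false) {
        $session = [];   // drop stale state; a real handler would also call session_destroy()
        return false;
    }
    return true;
}

// Deletion also removes the account's server-side session records, so
// revocation does not depend on the deleted user logging out.
function deleteAdmin(PDO $db, int $adminId): void
{
    $db->beginTransaction();
    $db->prepare('DELETE FROM admin_sessions WHERE admin_id = ?')->execute([$adminId]);
    $db->prepare('DELETE FROM admins WHERE id = ?')->execute([$adminId]);
    $db->commit();
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE admin_sessions (sid TEXT PRIMARY KEY, admin_id INTEGER)');
$db->exec("INSERT INTO admins VALUES (2, 'admin2')");
$db->exec("INSERT INTO admin_sessions VALUES ('constructed-sid', 2)");
$session = ['admin_id' => 2];              // admin authenticated before deletion
deleteAdmin($db, 2);                       // Super Admin deletes the account
var_dump(isAuthenticatedWeak($session));   // weak check applied to the stale session
var_dump(isAuthenticated($db, $session));  // hardened check applied to the same session
```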