Unrated severity · NVD Advisory · Published May 23, 2022 · Updated Aug 3, 2024

CVE-2022-30016

Description

Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Rescue Dispatch Management System 1.0 has an incorrect access control vulnerability allowing unauthenticated access to the admin system info page.

Vulnerability

Rescue Dispatch Management System version 1.0, a PHP/MySQL web application, contains an incorrect access control vulnerability in the admin panel. The page at /rdms/admin/?page=system_info does not enforce authentication, allowing any user to view system configuration details without logging in [1][2]. The application is designed with two user roles (Administrator and Staff), but this endpoint lacks proper authorization checks.

Exploitation

An attacker can exploit this vulnerability by simply navigating to the vulnerable URL in a web browser. No authentication, user interaction, or special network position is required. The attacker only needs to know the path to the admin page, which is publicly documented in the project source code [1]. The exploitation step is trivial: visit http://localhost/rdms/admin/?page=system_info.

Impact

Successful exploitation results in unauthorized disclosure of system information, including the system name, logo, and other configuration data accessible through the system_info page. This information disclosure could aid further attacks by revealing internal details about the application environment. The attacker gains read access to admin-level data without any privileges, compromising confidentiality.

Mitigation

As of the publication date (2022-05-23), no official patch has been released by the vendor (SourceCodester) [1]. The project may be unmaintained. Administrators should restrict access to the admin directory using server-level controls (e.g., .htaccess authentication or IP whitelisting) until a fix is available. No workaround is provided in the references [2].
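One way to apply the server-level restriction described above, as an added example that is not from the vendor or the advisory's references. It assumes Apache 2.4 serving the application; the file locations and the address ranges are placeholders to replace.

```apache
# .htaccess placed in the directory that serves /rdms/admin/
# (location is an assumption about the deployment).
#
# Needs "AllowOverride AuthConfig" (or All) for this directory in the main
# server configuration. With "AllowOverride None" Apache ignores this file
# and ?page=system_info stays reachable without a login.

AuthType Basic
AuthName "RDMS admin"

# Assumed path; keep the password file outside the document root.
# Create it with: htpasswd -c /etc/apache2/rdms-admin.htpasswd <user>
AuthUserFile /etc/apache2/rdms-admin.htpasswd

# Both conditions must hold: the request comes from an allowed address
# AND carries valid Basic credentials.
<RequireAll>
    # Placeholder ranges (loopback plus a documentation network).
    Require ip 127.0.0.1 ::1 192.0.2.0/24
    Require valid-user
</RequireAll>

# Basic credentials are only base64-encoded on the wire, so serve the
# admin directory over TLS when it is reachable beyond localhost.
```

After deploying, request the system_info page without credentials and confirm the server answers 401 or 403 instead of returning the page.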

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

2
