PT-2026-5986 · Unknown · Core-Php-Admin-Panel

Published 2026-02-03 · Updated 2026-02-11 · CVE-2025-70758

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

chetans9 core-php-admin-panel through commit a94a780d6

Description

The application does not call exit() after sending an HTTP redirect via header(Location:login.php) when a user is not authenticated. Because PHP keeps executing the script after header() returns, the rest of the protected page is still rendered and sent in the body of the redirect response. This allows remote unauthenticated attackers to access protected pages, including the customer database. The vulnerable file is includes/auth validate.php.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
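
The following is an added example, not code from the advisory or from the project: a heuristic Python check that flags Location redirects in PHP source whose next statement is not exit or die, which is the pattern described above. The sample PHP strings and the session key in them are constructed for illustration.

```python
import re

# A header('Location: ...') call, single or double quoted.
REDIRECT = re.compile(r"""\bheader\s*\(\s*['"]\s*Location\s*:""", re.IGNORECASE)
# Whitespace and PHP comments that may sit between the redirect and exit.
SKIP = re.compile(r"(?:\s+|//[^\n]*|#[^\n]*|/\*.*?\*/)*", re.DOTALL)
TERMINATOR = re.compile(r"(?:exit|die)\b", re.IGNORECASE)


def find_unterminated_redirects(php_source: str) -> list[int]:
    """Return 1-based line numbers of Location redirects not followed by exit/die.

    Heuristic only: a redirect followed by `return` or by a helper that
    terminates the script is also reported and needs manual review.
    """
    findings = []
    for match in REDIRECT.finditer(php_source):
        end = php_source.find(";", match.end())  # end of the header() statement
        if end == -1:
            end = len(php_source) - 1
        next_stmt = SKIP.match(php_source, end + 1).end()
        if not TERMINATOR.match(php_source, next_stmt):
            findings.append(php_source.count("\n", 0, match.start()) + 1)
    return findings


# Constructed sample: redirect without termination (session key is hypothetical).
VULNERABLE = """<?php
session_start();
if (!isset($_SESSION['logged_in'])) {
    header('Location:login.php');
}
// protected page continues to render here
"""

# Constructed sample: the same guard, terminated right after the redirect.
FIXED = """<?php
session_start();
if (!isset($_SESSION['logged_in'])) {
    header('Location:login.php');
    exit();
}
"""

if __name__ == "__main__":
    print("vulnerable sample:", find_unterminated_redirects(VULNERABLE))
    print("fixed sample:", find_unterminated_redirects(FIXED))
```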

Related Identifiers

CVE-2025-70758

Affected Products

Core-Php-Admin-Panel