Admin panel URLs or interfaces are exposed without adequate protection.
Impact:
Allows attackers to discover and target privileged admin interfaces.
| Vulnerability Name | Vulnerable URL | CVE/CWE | CVSS Score | Overall Risk (Severity) | Observation / Description | Impact | Recommendation | Reference | Steps to reproduce |
|---|---|---|---|---|---|---|---|---|---|
| Admin Panel Disclosure | https://uatamrit.piramalswasthya.org/admin/login | CWE-200 | 3.1 | Low | An admin panel is publicly accessible when the administrative interface of a system is exposed to the internet without proper access control in place. Anyone, including unauthorized users, can reach the admin login page and may be able to reach sensitive admin functions without authentication or validation. | Public accessibility of the admin panel significantly increases the risk of a security breach. Attackers can attempt to exploit weak login credentials, brute-force the login, or exploit vulnerabilities in the admin panel to gain unauthorized access. Once compromised, attackers could modify or delete data, escalate privileges, or take control of the entire system, leading to loss of sensitive data, service disruption, and reputational damage. | Restrict the admin panel to trusted IP addresses or networks only (IP whitelisting). Additionally, protect access with strong authentication such as multi-factor authentication (MFA). Robust firewalls and VPNs can also help shield the admin panel from public access. | https://cwe.mitre.org/data/definitions/200.html | Step 1: During the security assessment, we crawled the target site and discovered an admin login page. Step 2: The admin interface was reachable from the public site (no prior authentication required to view the login page). |
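The IP-whitelisting recommendation above, shown as an added nginx configuration example (not taken from the assessed application or this report). The `/admin/` path, the `app_backend` upstream, and the `203.0.113.0/24` and `10.0.0.0/8` ranges are placeholders; substitute the real trusted VPN/office egress range and the load balancer's address range.

```nginx
# Weak: the admin interface is proxied to everyone on the internet.
location /admin/ {
    proxy_pass http://app_backend;
}

# Hardened: only trusted networks reach /admin/; everyone else gets 403.
# allow/deny rules are evaluated top to bottom, so "deny all" must come last.
location /admin/ {
    allow 203.0.113.0/24;   # placeholder: corporate VPN / office egress range
    deny  all;
    proxy_pass http://app_backend;
}

# If nginx sits behind a load balancer, $remote_addr is the balancer's IP
# and the allow list would match nothing (or everything, if the balancer
# itself is allowed). Recover the client IP only from trusted proxies so a
# spoofed X-Forwarded-For header cannot satisfy the allow list.
set_real_ip_from 10.0.0.0/8;      # placeholder: load balancer address range
real_ip_header   X-Forwarded-For;
real_ip_recursive on;
```

After reloading, confirm from an address outside the allowed range that `GET /admin/login` returns 403, and from inside it that the login page still loads; the `real_ip_*` directives belong in the `http` or `server` context, not inside the `location` block.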