CVE-2026-10243 - Vulnerability Details

- code-projects Smart Parking System Admin Endpoint missing authentication

Description

A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected.

Published: 2026-06-01

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

This vulnerability allows an attacker to bypass authentication controls on the Smart Parking System’s admin endpoints. By manipulating an unknown function within the admin component, an attacker can gain unauthorized administrative access without credentials. The flaw is classified as CWE‑287 (Authentication Bypass) and CWE‑306 (Missing Authentication for Sensitive Action), indicating that both the authentication mechanism and its enforcement are compromised.

Affected Systems

The affected product is code‑projects Smart Parking System version 1.0. Multiple admin endpoints are vulnerable, and the issue is specific to an undocumented function in the admin component. Only this version is currently known to be impacted.

Risk and Exploitability

The CVSS score of 6.9 reflects moderate severity, and no EPSS data is available to quantify exploitation likelihood. Because the vulnerability can be triggered remotely and is publicly disclosed, users of the 1.0 release should treat it as a legitimate risk. The CVE is not listed in CISA’s KEV catalog, but the absence of an EPSS score does not indicate low risk in practice. Formal exploitation requires the attacker to target the exposed admin endpoints, which are typically accessible via the public network, making the vulnerability exploitable from outside the organization.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

code-projects

Smart Parking System

affected

Version	Status	Constraints
`1.0`	affected	—

No data.

Vendor Product Confidence Versions

Code-projects

Smart Parking System

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Verify that your deployment runs version 1.0 of the Smart Parking System; then check the vendor’s site for a patch or an upgraded release that addresses the missing authentication flaw.
Until a patch is available, limit external access to the admin endpoints by configuring firewall rules or VPN access controls so that only trusted hosts can reach the interface.
If the affected endpoints can be temporarily disabled or isolated, do so to prevent unauthorized use while monitoring for new advisories and applying any future fixes.

Generated by OpenCVE AI on June 1, 2026 at 10:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00514.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://code-projects.org/
https://github.com/Xmyronn/smart-parking-system-broken-access.git
https://vuldb.com/cve/CVE-2026-10243
https://vuldb.com/submit/823871
https://vuldb.com/vuln/367521
https://vuldb.com/vuln/367521/cti

History

Mon, 01 Jun 2026 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 01 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component Admin Endpoint. Such manipulation leads to missing authentication. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Multiple endpoints are affected.
Title		code-projects Smart Parking System Admin Endpoint missing authentication
First Time appeared		Code-projects Code-projects smart Parking System
Weaknesses		CWE-287 CWE-306
CPEs		cpe:2.3:a:code-projects:smart_parking_system::::::::
Vendors & Products		Code-projects Code-projects smart Parking System
References		https://code-projects.org/ https://github.com/Xmyronn/smart-parking-system-broken-access.git https://vuldb.com/cve/CVE-2026-10243 https://vuldb.com/submit/823871 https://vuldb.com/vuln/367521 https://vuldb.com/vuln/367521/cti
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Code-projects Smart Parking System

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-01T09:00:13.192Z

Updated: 2026-06-01T15:23:18.984Z

Reserved: 2026-05-31T10:12:00.665Z

Link: CVE-2026-10243

Vulnrichment

Updated: 2026-06-01T15:00:31.513Z

NVD

Status : Deferred

Published: 2026-06-01T09:16:16.290

Modified: 2026-06-01T15:15:37.293

Link: CVE-2026-10243

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T20:54:46Z

Weaknesses

CWE-287
Improper Authentication
CWE-306
Missing Authentication for Critical Function

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object