Summary
Just login as a normal user, then change the url from admin-panel.php to admin-panel1.php, you will have admin access. After this, an attacker can do anything that the admin has access to.
Impact
Broken Access Control, any user can become an admin and perform actions of admin
Summary
Just login as a normal user, then change the url from admin-panel.php to admin-panel1.php, you will have admin access. After this, an attacker can do anything that the admin has access to.
Impact
Broken Access Control, any user can become an admin and perform actions of admin