| عنوان | sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0 Unauthenticated Access |
|---|
| الوصف | Every backend dashboard and data‑manipulation script in the application fails to enforce proper session‑based authentication. Each file begins with session_start();, but no check is performed to verify that a valid user session exists (e.g., if (!isset($_SESSION['email'])) { … }).
Because of this missing validation, an unauthenticated attacker can directly access administrative panels (admin, student, teacher dashboards) and all corresponding CRUD actions via their raw URLs. This exposes the entire application data and functionality to anyone who knows or guesses the file names. |
|---|
| المصدر | ⚠️ https://github.com/sambitraj/STUDENT-MANAGEMENT-SYSTEM/issues/1 |
|---|
| المستخدم | Harry_You (UID 97667) |
|---|
| ارسال | 29/04/2026 10:16 AM (1 شهر منذ) |
|---|
| الاعتدال | 26/05/2026 12:34 PM (27 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 365625 [sambitraj STUDENT-MANAGEMENT-SYSTEM حتى 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5 Dashboard تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|