| عنوان | raisulislamg4 student_management_system_by_php 1.0 Unauthenticated Arbitrary Record Deletion |
|---|
| الوصف | The `delete.php` script allows the deletion of various records (users, courses, teachers, students, applications) based on URL parameters (`user_id`, `course_id`, `teacher_id`, `student_id`, `application_id`) **without any authentication or authorisation**. The file does not check whether the requester is logged in, nor does it validate that the caller has permission to perform deletions. Additionally, the SQL queries are built by directly concatenating the unsanitised `$_GET` values, making the endpoint also vulnerable to SQL injection.
Example vulnerable code:
```php
require_once "db_con.php";
if ($_GET['user_id']) {
$user_id = $_GET['user_id'];
$sql = "DELETE FROM USERS WHERE ID='$user_id'";
$result = mysqli_query($data, $sql);
if ($result) {
header("location:user_list.php");
}
} |
|---|
| المصدر | ⚠️ https://github.com/raisulislamg4/student_management_system_by_php/issues/3 |
|---|
| المستخدم | buerchen (UID 97910) |
|---|
| ارسال | 08/05/2026 06:26 AM (29 أيام منذ) |
|---|
| الاعتدال | 31/05/2026 09:59 AM (23 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 367505 [raisulislamg4 student_management_system_by_php حتى 310d950e09013d5133c6b9210aff9444382d16d1 delete.php حقن SQL] |
|---|
| النقاط | 20 |
|---|