| عنوان | sayan365 student-management-system 1.0 Unauthenticated Access |
|---|
| الوصف | The `edit_attendance.php` script, which allows viewing and modifying attendance records, lacks any form of authentication or authorisation. It does not call `session_start()` and never checks for a valid login session (e.g., `$_SESSION['username']`). The file simply includes the database connection and then processes requests based on `$_GET['id']`.
Key code snippet:
```php
<?php include 'db.php'; ?>
...
if (isset($_GET['id'])) {
// displays existing attendance data
...
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['id'])) {
// updates attendance
}
}
``` |
|---|
| المصدر | ⚠️ https://github.com/sayan365/student-management-system/issues/3 |
|---|
| المستخدم | ciyou (UID 97928) |
|---|
| ارسال | 14/05/2026 09:32 AM (26 أيام منذ) |
|---|
| الاعتدال | 02/06/2026 03:54 PM (19 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 367927 [sayan365 student-management-system حتى 7f3c9ce7d410332335c2affac93a385485051800 توثيق ضعيف] |
|---|
| النقاط | 20 |
|---|