| Titel | a4m4 Student-Management-System--PHP- 1.0 Authentication Bypass |
|---|
| Beschreibung | The access control mechanism at the top of almost every file in the `admin/` directory is insufficiently implemented. It checks for a valid session but, after sending a redirect header, fails to terminate script execution:
```php
session_start();
if(isset($_SESSION['uid'])){
echo "";
} else {
header('location: ../login.php');
}
```
Because there is no exit; or die; statement after the header() call, PHP continues to execute the rest of the script, rendering the full protected page (HTML, forms, sensitive data) and sending it to the client along with the 302 redirect. An attacker can simply ignore the redirect instruction and read the response body, thereby gaining unauthorised access to all administrative functionality. |
|---|
| Quelle | ⚠️ https://github.com/a4m4/Student-Management-System--PHP-/issues/2 |
|---|
| Benutzer | gscsd (UID 97914) |
|---|
| Einreichung | 11.05.2026 05:59 (vor 25 Tagen) |
|---|
| Moderieren | 31.05.2026 16:16 (20 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 367550 [a4m4 Student-Management-System bis f0c5f6842c5e8c431ff02b5260a565ca844df3a0 Admin Endpoint admin/ uid Redirect] |
|---|
| Punkte | 20 |
|---|