| Titel | tittuvarghese CollegeManagementSystem 1.0 Session Fixation Leading to Account Takeover |
|---|
| Beschreibung | The login script initialises a session with `session_start()` at line 3 but fails to regenerate the session identifier after a successful login. When the user’s credentials are validated, the server stores the authentication data into the existing session and redirects to the dashboard:
```php
session_start();
...
$_SESSION['UserAuthData']=$UserAuthData;
header('Location: dashboard.php');
```
Because session_regenerate_id(true) is never called, the session ID remains the same as before the login. An attacker can obtain a valid session ID (e.g., by visiting the site, or by setting an arbitrary PHPSESSID cookie) and trick a victim into authenticating with that same ID. Once the victim logs in, the attacker can reuse the now‑authenticated session ID and gain full access to the victim’s account. |
|---|
| Quelle | ⚠️ https://github.com/tittuvarghese/CollegeManagementSystem/issues/4 |
|---|
| Benutzer | songlan (UID 98308) |
|---|
| Einreichung | 18.05.2026 17:33 (vor 20 Tagen) |
|---|
| Moderieren | 05.06.2026 10:10 (18 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 368873 [tittuvarghese CollegeManagementSystem /login-form.php session_start UserAuthData schwache Authentisierung] |
|---|
| Punkte | 20 |
|---|