| Título | raisulislamg4 student_management_system_by_php 1.0 Unauthenticated Arbitrary Record Deletion |
|---|
| Descripción | The `delete.php` script allows the deletion of various records (users, courses, teachers, students, applications) based on URL parameters (`user_id`, `course_id`, `teacher_id`, `student_id`, `application_id`) **without any authentication or authorisation**. The file does not check whether the requester is logged in, nor does it validate that the caller has permission to perform deletions. Additionally, the SQL queries are built by directly concatenating the unsanitised `$_GET` values, making the endpoint also vulnerable to SQL injection.
Example vulnerable code:
```php
require_once "db_con.php";
if ($_GET['user_id']) {
$user_id = $_GET['user_id'];
$sql = "DELETE FROM USERS WHERE ID='$user_id'";
$result = mysqli_query($data, $sql);
if ($result) {
header("location:user_list.php");
}
} |
|---|
| Fuente | ⚠️ https://github.com/raisulislamg4/student_management_system_by_php/issues/3 |
|---|
| Usuario | buerchen (UID 97910) |
|---|
| Sumisión | 2026-05-08 06:26 (hace 1 mes) |
|---|
| Moderación | 2026-05-31 09:59 (23 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 367505 [raisulislamg4 student_management_system_by_php hasta 310d950e09013d5133c6b9210aff9444382d16d1 delete.php inyección SQL] |
|---|
| Puntos | 20 |
|---|