Enviar #829545: sayan365 student-management-system 1.0 Unauthenticated Accessinformación

Títulosayan365 student-management-system 1.0 Unauthenticated Access
DescripciónThe `edit_attendance.php` script, which allows viewing and modifying attendance records, lacks any form of authentication or authorisation. It does not call `session_start()` and never checks for a valid login session (e.g., `$_SESSION['username']`). The file simply includes the database connection and then processes requests based on `$_GET['id']`. Key code snippet: ```php <?php include 'db.php'; ?> ... if (isset($_GET['id'])) { // displays existing attendance data ... if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['id'])) { // updates attendance } } ```
Fuente⚠️ https://github.com/sayan365/student-management-system/issues/3
Usuario
 ciyou (UID 97928)
Sumisión2026-05-14 09:32 (hace 21 días)
Moderación2026-06-02 15:54 (19 days later)
EstadoAceptado
Entrada de VulDB367927 [sayan365 student-management-system hasta 7f3c9ce7d410332335c2affac93a385485051800 autenticación débil]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!