Submission #786912: QueryMine sms 1.0 Unauthorized Course Deletion (information)

Title: QueryMine sms 1.0 Unauthorized Course Deletion

Description: The admin/deletecourse.php file handles course deletion in the back-end management system, but the code performs no authentication or authorization check: neither the user's login status (for example, the validity of the session cookie) nor the administrator role is verified before the deletion runs. The key code reads the course ID directly from the GET parameter id via $_GET['id'] and concatenates it into the SQL statement DELETE FROM course WHERE course_id='$get_course_id' without any filtering or parameterization. This leads to two high-risk security issues: authentication bypass (attackers can reach the interface without logging in) and unauthorized access (any unauthenticated user can delete any course in the system by constructing a valid request, causing serious data loss and damage to system functionality). In addition, the project does not enable the Issue function, so vulnerability reports and repair suggestions cannot be submitted to the project maintainers through the official repository.

Source: https://github.com/duckpigdog/CVE/blob/main/QueryMine_sms%20PHP%20Project%20Deployment%20Document%20(Windows%20Local)-1.md

User: lzz0403 (UID 96714)

Submitted: 24/03/2026 07:47 (25 days ago)

Moderated: 17/04/2026 09:14 (24 days later)

Status: Accepted

VulDB entry: 358034 [QueryMine sms GET Request Parameter admin/deletecourse.php ID SQL injection]

Points: 20
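A hardened version of the deletion handler described above, written here as an added example and not taken from the QueryMine sms project: it checks the session and the administrator role before doing anything, requires a POST with a CSRF token instead of a bare GET link, validates the id, and replaces the string-concatenated DELETE with a prepared statement. The session keys, the $pdo connection, the CSRF token storage and the redirect target are assumptions, not details from the report.

```php
<?php
// Added example of a hardened admin/deletecourse.php; not the project's own code.
// Assumptions (not from the report): $pdo is an existing PDO connection, the login
// flow stores $_SESSION['user_id'] and $_SESSION['role'], and the admin form carries
// a token matching $_SESSION['csrf_token'].
session_start();

// 1. Authentication: an anonymous request must never reach the delete.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Login required');
}

// 2. Authorization: only the administrator role may delete courses.
if (($_SESSION['role'] ?? '') !== 'admin') {
    http_response_code(403);
    exit('Administrator role required');
}

// 3. State-changing action: require POST plus a CSRF token, so a crafted link
//    or cross-site request cannot trigger the deletion.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !hash_equals($_SESSION['csrf_token'] ?? '', $_POST['csrf_token'] ?? '')) {
    http_response_code(400);
    exit('Invalid request');
}

// 4. Input validation: the course id is accepted only as a positive integer.
$courseId = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($courseId === false || $courseId === null) {
    http_response_code(400);
    exit('Invalid course id');
}

// 5. Parameterized query replaces the original
//    DELETE FROM course WHERE course_id='$get_course_id' concatenation.
$stmt = $pdo->prepare('DELETE FROM course WHERE course_id = :id');
$stmt->execute([':id' => $courseId]);

// 6. Audit trail: record who deleted which course so deletions can be reviewed.
error_log(sprintf('course %d deleted by user %d (%d row(s) affected)',
    $courseId, (int) $_SESSION['user_id'], $stmt->rowCount()));

header('Location: courses.php'); // assumed redirect target
exit;
```

The order matters: authentication and authorization are decided before the request body is even looked at, so the SQL fix alone would not have closed the issue the report describes.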
