| Titre | a4m4 Student-Management-System--PHP- 1.0 Authentication Bypass |
|---|
| Description | The access control mechanism at the top of almost every file in the `admin/` directory is insufficiently implemented. It checks for a valid session but, after sending a redirect header, fails to terminate script execution:
```php
session_start();
if(isset($_SESSION['uid'])){
echo "";
} else {
header('location: ../login.php');
}
```
Because there is no exit; or die; statement after the header() call, PHP continues to execute the rest of the script, rendering the full protected page (HTML, forms, sensitive data) and sending it to the client along with the 302 redirect. An attacker can simply ignore the redirect instruction and read the response body, thereby gaining unauthorised access to all administrative functionality. |
|---|
| La source | ⚠️ https://github.com/a4m4/Student-Management-System--PHP-/issues/2 |
|---|
| Utilisateur | gscsd (UID 97914) |
|---|
| Soumission | 11/05/2026 05:59 (il y a 25 jours) |
|---|
| Modérer | 31/05/2026 16:16 (20 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 367550 [a4m4 Student-Management-System Admin Endpoint admin/ uid Redirect] |
|---|
| Points | 20 |
|---|