Submit #829545: sayan365 student-management-system 1.0 Unauthenticated Access

Title: sayan365 student-management-system 1.0 Unauthenticated Access
Description: The `edit_attendance.php` script, which allows viewing and modifying attendance records, lacks any form of authentication or authorisation. It does not call `session_start()` and never checks for a valid login session (e.g., `$_SESSION['username']`). The file simply includes the database connection and then processes requests based on `$_GET['id']`.

Key code snippet:

```php
<?php include 'db.php'; ?>
...
if (isset($_GET['id'])) {
    // displays existing attendance data
    ...
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['id'])) {
        // updates attendance
    }
}
```
Source: ⚠️ https://github.com/sayan365/student-management-system/issues/3
User: ciyou (UID 97928)
Submission: 14/05/2026 09:32 (24 days ago)
Moderation: 02/06/2026 15:54 (19 days later)
Status: Accepted
VulDB entry: 367927 [sayan365 student-management-system weak authentication]
Points: 20
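
A hardened opening for `edit_attendance.php` that closes the gap the description reports, as an added example that is not the project's own code. It assumes the application's login sets `$_SESSION['username']` (the key named in the description); `login.php`, the `role` session key and the role names are hypothetical.

```php
<?php
// Added example, not project code. Assumptions: the login page sets
// $_SESSION['username']; 'login.php', the 'role' session key and the
// role names below are hypothetical and must match the real application.
declare(strict_types=1);

// Harden the session cookie before the session is started.
session_set_cookie_params([
    'httponly' => true,                 // not readable from JavaScript
    'secure'   => !empty($_SERVER['HTTPS']),
    'samesite' => 'Lax',
]);
session_start();

// 1. Authentication: stop before any database work if nobody is logged in.
if (empty($_SESSION['username'])) {
    header('Location: login.php', true, 302);
    exit;
}

// 2. Authorisation: only roles permitted to edit attendance may continue.
$allowedRoles = ['admin', 'teacher'];   // hypothetical role names
if (!in_array($_SESSION['role'] ?? '', $allowedRoles, true)) {
    http_response_code(403);
    exit('Forbidden');
}

// 3. Input validation: the record id must be a positive integer.
//    filter_input() returns null when 'id' is absent and false when it
//    is present but not a valid integer in range.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1],
]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid attendance id');
}

// Only authenticated, authorised requests with a valid id reach this point.
include 'db.php';
// ... existing display and update logic, using $id instead of $_GET['id'] ...
```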
