| शीर्षक | raisulislamg4 student_management_system_by_php 1.0 Unauthenticated Arbitrary User Creation |
|---|
| विवरण | The `add_user_check.php` script allows anyone to create a new user account, including administrative accounts, **without any authentication**. Although `session_start()` is called, there is no check to ensure the requester is logged in or has the necessary privileges (e.g., an existing admin). The script blindly inserts the supplied `role` value (from `$_POST['role']`) into the database:
```php
session_start();
if (isset($_POST['apply'])) {
$role_data = $_POST['role'];
...
$sql="INSERT INTO USERS(..., ROLE, PASSWORD)
VALUES(..., '$role_data', '$password_data')";
$result = mysqli_query($data, $sql);
if ($result) {
header("location:add_user.php");
}
}
An unauthenticated attacker can send a POST request with role=admin and immediately gain permanent administrator access to the application. |
|---|
| स्रोत | ⚠️ https://github.com/raisulislamg4/student_management_system_by_php/issues/4 |
|---|
| उपयोगकर्ता | Fybox (UID 97913) |
|---|
| सबमिशन | 08/05/2026 06:35 AM (29 दिन पहले) |
|---|
| संयम | 31/05/2026 09:59 AM (23 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367506 [raisulislamg4 student_management_system_by_php तक 310d950e09013d5133c6b9210aff9444382d16d1 User Creation add_user_check.php role SQL इंजेक्शन] |
|---|
| अंक | 20 |
|---|