जमा करें #850695: SourceCodester Online Examination & Learning Management System 1.0 Missing Authorizationजानकारी

शीर्षकSourceCodester Online Examination & Learning Management System 1.0 Missing Authorization
विवरणThe ajax_enroll.php endpoint processes enrollment and unenrollment requests from any authenticated user without verifying the user's role or their relationship to the target student_id. The endpoint reads $_POST['student_id'], $_POST['schedule_id'], and $_POST['action'] directly from the request body and performs the corresponding database operation with no authorization logic. No CSRF token is implemented, enabling cross-site request forgery.
स्रोत⚠️ https://github.com/nuiifornet/A033/blob/main/OE-LMS-IDOR-ajax_enroll.md
उपयोगकर्ता
 Fklov (UID 98102)
सबमिशन06/06/2026 08:59 PM (29 दिन पहले)
संयम05/07/2026 06:08 AM (28 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि376368 [SourceCodester Onlne Examination & Learning Management System 1.0 Enrollment Management /ajax_enroll.php student_id/schedule_id/action अधिकार वृद्धि]
अंक20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!