| タイトル | a4m4 Student-Management-System--PHP- 1.0 Authentication Bypass |
|---|
| 説明 | The access control mechanism at the top of almost every file in the `admin/` directory is insufficiently implemented. It checks for a valid session but, after sending a redirect header, fails to terminate script execution:
```php
session_start();
if(isset($_SESSION['uid'])){
echo "";
} else {
header('location: ../login.php');
}
```
Because there is no exit; or die; statement after the header() call, PHP continues to execute the rest of the script, rendering the full protected page (HTML, forms, sensitive data) and sending it to the client along with the 302 redirect. An attacker can simply ignore the redirect instruction and read the response body, thereby gaining unauthorised access to all administrative functionality. |
|---|
| ソース | ⚠️ https://github.com/a4m4/Student-Management-System--PHP-/issues/2 |
|---|
| ユーザー | gscsd (UID 97914) |
|---|
| 送信 | 2026年05月11日 05:59 (25 日 ago) |
|---|
| モデレーション | 2026年05月31日 16:16 (20 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 367550 [a4m4 Student-Management-System 迄 f0c5f6842c5e8c431ff02b5260a565ca844df3a0 Admin Endpoint admin/ uid Redirect] |
|---|
| ポイント | 20 |
|---|