| タイトル | LakshayD02 GitHub Hostel Management System PHP f87e67c283bab6f718faf2fec6ae39a13bd7036b Improper Authorization |
|---|
| 説明 | Hostel Management System PHP contains a missing authorization vulnerability in the admin panel. The normal user login flow sets $_SESSION['id'], and the admin authorization helper only checks whether $_SESSION['id'] is non-empty. It does not verify that the session belongs to an administrator.
In hostel/index.php, a successful ordinary user login sets $_SESSION['id'] and $_SESSION['login']. In hostel/admin/includes/checklogin.php, the admin authorization check only verifies if strlen($_SESSION['id']) == 0. Since ordinary users and administrators share the same $_SESSION['id'] session key, an authenticated ordinary student user can access admin-only pages.
The issue was verified on commit f87e67c283bab6f718faf2fec6ae39a13bd7036b. After logging in as the ordinary user [email protected] / rohansharma from hostel.sql, the following admin pages return HTTP/1.1 200 OK: /admin/dashboard.php, /admin/manage-students.php, /admin/create-room.php, and /admin/add-courses.php.
Impact: an ordinary authenticated user can access the admin dashboard, view student records, access management pages, and reach administrative functionality such as adding courses, adding rooms, viewing complaints, and potentially modifying or deleting records.
CWE: CWE-862 Missing Authorization.
Suggested CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 8.8 High. |
|---|
| ソース | ⚠️ https://github.com/LakshayD02/Hostel-Management-System-PHP/issues/1 |
|---|
| ユーザー | xady (UID 77122) |
|---|
| 送信 | 2026年05月17日 03:41 (22 日 ago) |
|---|
| モデレーション | 2026年06月04日 07:46 (18 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 368263 [LakshayD02 Hostel-Management-System-PHP 迄 f87e67c283bab6f718faf2fec6ae39a13bd7036b Admin Dashboard Page hostel/index.php 識別子 特権昇格] |
|---|
| ポイント | 20 |
|---|