| タイトル | tittuvarghese CollegeManagementSystem 1.0 Privilege Escalation |
|---|
| 説明 | After a user logs in, `dashboard.php` unconditionally includes the administrative panel (`admin_page.php`) if the `$UserAuthData` variable is truthy:
```php
if($UserAuthData)
include_once('dashboard_page/admin_page.php');
```
No check is performed against the user’s role (e.g., $UserAuthData['role']). As a result, any authenticated user – including a student – sees the full administrative sidebar and links (e.g., “Users”, “Courses”, “Upload Student Data”). Although the backend actions may still fail due to separate permission checks (if any exist), the student is presented with a fully functional admin interface, and when combined with other missing access control vulnerabilities, this directly leads to privilege escalation and unauthorised data manipulation.
Steps to Reproduce
Log in as a student with valid credentials.
After the redirect, access dashboard.php.
Observe that the page renders the admin menu items, including links to user management and other restricted sections.
Clicking on those links may lead to further administrative actions (depending on the state of access controls on those specific pages). |
|---|
| ソース | ⚠️ https://github.com/tittuvarghese/CollegeManagementSystem/issues/5 |
|---|
| ユーザー | wea5e1 (UID 98306) |
|---|
| 送信 | 2026年05月18日 18:04 (23 日 ago) |
|---|
| モデレーション | 2026年06月05日 10:10 (18 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 368874 [tittuvarghese CollegeManagementSystem Admin Interface admin_page.php UserAuthData 特権昇格] |
|---|
| ポイント | 20 |
|---|