| Title | SourceCodester (ampoldev) Online Examination & LMS (CICT Portal) by ampoldev 2026-05-25 Improper Privilege Management |
|---|
| Description | The public registration form at register.php renders an HTML <select> dropdown whose
options are the role values "student" and "instructor". The server-side handler (auth_process.php)
reads the role value directly from the POST body and inserts it into the users table without
validation. Because the dropdown constrains only the browser's UI and not the request itself, an
unauthenticated attacker can intercept the registration POST and set the role parameter to any value,
including "super_admin", obtaining administrative access to the entire system as soon as the account
is created.
No server-side allowlist of permitted roles is enforced. The vulnerability requires no existing
privileges and is exploitable by any internet user who can reach the registration endpoint. |
|---|
| Source | https://pastebin.com/Z4i5MGxk |
|---|
| User | ameenkbrd (UID 98192) |
|---|
| Submitted | 2026-06-04 08:56 (1 month ago) |
|---|
| Moderation | 2026-07-04 09:55 (1 month later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 376307 [SourceCodester Online Examination & Learning Management System 1.0 Registration Endpoint register.php role Privilege Escalation] |
|---|
| Points | 17 |
|---|
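The following PHP sketch is an added illustration and is not code from the ampoldev project or from the VulDB entry. It reconstructs the class of bug the description names, a registration handler that stores the POSTed "role" verbatim, and places it beside a hardened handler that enforces a server-side allowlist. The users table, its column names (username, password_hash, role), the PDO connection and the allowlist contents are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from the ampoldev project. It reconstructs the class of
// bug described in the entry (a registration handler that trusts the POSTed "role")
// and places it beside a hardened handler. The users table, its columns
// (username, password_hash, role) and the PDO connection are assumptions.

// --- Vulnerable pattern ------------------------------------------------------
// The <select> on register.php limits only what a browser offers. The request
// body is under the sender's control, so $post['role'] may carry anything.
function register_vulnerable(PDO $db, array $post): void
{
    $stmt = $db->prepare(
        'INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)'
    );
    $stmt->execute([
        $post['username'],
        password_hash($post['password'], PASSWORD_DEFAULT),
        $post['role'], // stored verbatim: "super_admin" is accepted
    ]);
}

// --- Hardened pattern --------------------------------------------------------
// The only roles self-registration may ever produce (assumed set). Everything
// else is rejected on the server regardless of what the form offered.
const SELF_REGISTER_ROLES = ['student', 'instructor'];

/**
 * Return the role if it is in the allowlist, otherwise null.
 * Takes the raw POST value, which may not be a string (e.g. role[]=student).
 */
function normalize_role($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    $role = strtolower(trim($raw));
    // strict comparison: no type juggling between "0", 0 and false
    return in_array($role, SELF_REGISTER_ROLES, true) ? $role : null;
}

function register_hardened(PDO $db, array $post): void
{
    $role = normalize_role($post['role'] ?? null);
    if ($role === null) {
        http_response_code(400);
        throw new InvalidArgumentException(
            'role must be one of: ' . implode(', ', SELF_REGISTER_ROLES)
        );
    }
    $stmt = $db->prepare(
        'INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)'
    );
    $stmt->execute([
        $post['username'],
        password_hash($post['password'], PASSWORD_DEFAULT),
        $role, // only an allowlisted value reaches the database
    ]);
}

// Stricter variant: self-registration never chooses a role at all. Every new
// account is a student; instructors are promoted by an administrator later.
function register_fixed_role(PDO $db, array $post): void
{
    $stmt = $db->prepare(
        'INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)'
    );
    $stmt->execute([
        $post['username'],
        password_hash($post['password'], PASSWORD_DEFAULT),
        'student',
    ]);
}

// Offline check of the allowlist with constructed inputs (no database needed):
//   php this_file.php
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    foreach (['student', 'Instructor ', 'super_admin', ['student']] as $input) {
        var_dump(normalize_role($input));
    }
}
```

The allowlist is the minimal fix for the pattern the entry describes; the fixed-role variant is the more defensible design, since a public registration endpoint has no legitimate reason to let the client pick its own privilege level at all. Either way the check belongs in the server-side handler, not in the form: the dropdown is a usability aid, and any value it offers or omits can be replaced in the request.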