| Field | Value |
|---|---|
| Title | QueryMine sms 1.0 Unauthorized Course Deletion |
| Description | The admin/deletecourse.php file is responsible for handling the course deletion function in the background management system. However, the code lacks necessary authentication and authorization verification mechanisms—there is no check on the user's login status (such as verifying the validity of the session Cookie) and administrator role permissions before executing the deletion operation. The key code directly obtains the course ID from the GET request parameter id through $_GET['id'], and concatenates it into the SQL deletion statement DELETE FROM course WHERE course_id='$get_course_id' without any filtering or parameterization. This leads to two high-risk security issues: authentication bypass (attackers can access the interface without logging in) and unauthorized access (any unauthenticated user can arbitrarily delete any course in the system by constructing a valid request, resulting in serious data loss and system functional damage). In addition, the project does not enable the Issue function, making it impossible to submit vulnerability reports and repair suggestions to the project maintainers through the official repository. |
| Source | https://github.com/duckpigdog/CVE/blob/main/QueryMine_sms%20PHP%20Project%20Deployment%20Document%20(Windows%20Local)-1.md |
| User | lzz0403 (UID 96714) |
| Submitted | 2026-03-24 07:47 AM (30 days ago) |
| Moderation | 2026-04-17 09:14 AM (24 days later) |
| Status | Accepted |
| VulDB Entry | 358034 [QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593 GET Request Parameter admin/deletecourse.php id SQL Injection] |
| Points | 20 |
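As an added defensive illustration (not code from the QueryMine sms project or from the report), the following PHP shows the checks the description says are missing from admin/deletecourse.php: a login check, an administrator-role check, integer validation of the `id` parameter, and a parameterized `DELETE`. The session keys `user_id` and `role`, the role value `admin`, and the in-memory SQLite setup are assumptions; only the table `course` and column `course_id` come from the report.

```php
<?php
// Added hardening example (not QueryMine sms code) for a deletion handler
// like admin/deletecourse.php. Assumptions: the session stores 'user_id' and
// 'role', administrators carry role 'admin'. Table `course` and column
// `course_id` are taken from the report.
declare(strict_types=1);

function delete_course(PDO $db, array $session, ?string $rawId): int
{
    // 1. Authentication: reject requests that carry no logged-in user.
    if (empty($session['user_id'])) {
        return 401;
    }
    // 2. Authorization: only the administrator role may delete courses.
    if (($session['role'] ?? '') !== 'admin') {
        return 403;
    }
    // 3. Input validation: course_id must be a plain positive integer,
    //    so non-numeric input is rejected before any SQL is built.
    if ($rawId === null || !ctype_digit($rawId)) {
        return 400;
    }
    // 4. Parameterized query: the id is bound, never spliced into the SQL
    //    text, which closes the injection path described in the report.
    $stmt = $db->prepare('DELETE FROM course WHERE course_id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1 ? 200 : 404;
}

// Self-contained demo on an in-memory SQLite database with constructed rows
// (assumption: the pdo_sqlite extension is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE course (course_id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO course VALUES (1, 'Algebra'), (2, 'Physics')");

$anon  = [];                                    // no session at all
$user  = ['user_id' => 7, 'role' => 'student']; // logged in, not admin
$admin = ['user_id' => 1, 'role' => 'admin'];   // legitimate administrator

var_dump(delete_course($db, $anon,  '1'));         // unauthenticated request
var_dump(delete_course($db, $user,  '1'));         // authenticated, wrong role
var_dump(delete_course($db, $admin, '1 OR 1=1'));  // non-integer id, never reaches SQL
var_dump(delete_course($db, $admin, '1'));         // valid deletion
var_dump(delete_course($db, $admin, '1'));         // row already gone
var_dump($db->query('SELECT COUNT(*) FROM course')->fetchColumn());
```

In a real deployment the state-changing action should also move from GET to POST with a CSRF token, which the original handler's use of `$_GET['id']` does not provide.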