| Field | Value |
|---|---|
| Title | raisulislamg4 student_management_system_by_php 1.0 Unauthenticated Arbitrary Record Deletion |
| Description | The `delete.php` script deletes records (users, courses, teachers, students, applications) selected by the URL parameters `user_id`, `course_id`, `teacher_id`, `student_id` and `application_id` **without any authentication or authorisation**: the file neither checks that the requester is logged in nor that the caller is permitted to delete anything. In addition, the SQL statements are built by concatenating the unsanitised `$_GET` values directly into the query string, so the endpoint is also vulnerable to SQL injection. |

Example vulnerable code:

```php
require_once "db_con.php";          // provides the mysqli connection $data

// No session check and no permission check precede this point.
if ($_GET['user_id']) {
    $user_id = $_GET['user_id'];
    // The raw query-string value is concatenated into the statement: SQL injection.
    $sql = "DELETE FROM USERS WHERE ID='$user_id'";
    $result = mysqli_query($data, $sql);
    if ($result) {
        header("location:user_list.php");
    }
}
```

| Field | Value |
|---|---|
| Source | https://github.com/raisulislamg4/student_management_system_by_php/issues/3 |
| User | buerchen (UID 97910) |
| Submitted | 2026-05-08 06:26 (28 days ago) |
| Moderation | 2026-05-31 09:59 (23 days later) |
| Status | Accepted |
| VulDB entry | 367505 [raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1 delete.php SQL injection] |
| Points | 20 |
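The quoted snippet has two independent defects: any client can reach the deletion, and the identifier is spliced into the SQL text, so a request such as `delete.php?user_id=1' OR '1'='1` turns the WHERE clause into a match on every row. Below is a hardened `delete.php` written as an added example for this entry; it is not the project's own code. It assumes, beyond what the report states, that login state lives in `$_SESSION['user_id']` and `$_SESSION['role']` with `admin` as the role allowed to delete, that the other tables are named `COURSES`, `TEACHERS`, `STUDENTS` and `APPLICATIONS` and keyed by `ID` like `USERS`, and that the list pages other than `user_list.php` follow the same naming pattern.

```php
<?php
// Hardened replacement for delete.php (added example, not the project's code).
// Assumptions not in the original report: $_SESSION['user_id'] / $_SESSION['role']
// hold the login state, 'admin' may delete, the other tables are COURSES,
// TEACHERS, STUDENTS, APPLICATIONS keyed by ID, and the redirect targets are
// named like user_list.php.
declare(strict_types=1);

session_start();
require_once "db_con.php";   // provides the mysqli connection $data, as in the original

// 1. Authentication and authorisation, which the original skips entirely.
if (empty($_SESSION['user_id']) || ($_SESSION['role'] ?? '') !== 'admin') {
    http_response_code(403);
    exit('Forbidden');
}

// 2. A deletion changes state: require POST rather than GET and check a CSRF
//    token, so a link or image tag on another site cannot trigger it.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !hash_equals($_SESSION['csrf_token'] ?? '', $_POST['csrf_token'] ?? '')) {
    http_response_code(400);
    exit('Bad request');
}

// 3. Fixed allow-list: each parameter maps to one table and one redirect.
//    Table names come from here only, never from user input.
const DELETE_TARGETS = [
    'user_id'        => ['table' => 'USERS',        'redirect' => 'user_list.php'],
    'course_id'      => ['table' => 'COURSES',      'redirect' => 'course_list.php'],
    'teacher_id'     => ['table' => 'TEACHERS',     'redirect' => 'teacher_list.php'],
    'student_id'     => ['table' => 'STUDENTS',     'redirect' => 'student_list.php'],
    'application_id' => ['table' => 'APPLICATIONS', 'redirect' => 'application_list.php'],
];

foreach (DELETE_TARGETS as $param => $target) {
    if (!isset($_POST[$param])) {
        continue;
    }

    // 4. Validate the identifier as a positive integer before it goes anywhere.
    //    "1' OR '1'='1" fails this check outright.
    $id = filter_var($_POST[$param], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        exit('Invalid id');
    }

    // 5. Parameterised statement: the value is bound as an integer, never
    //    concatenated, so it can only ever be compared against ID.
    $stmt = mysqli_prepare($data, "DELETE FROM {$target['table']} WHERE ID = ?");
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    header("Location: " . $target['redirect']);
    exit;   // the original falls through after header(); always stop here
}

http_response_code(400);
exit('Nothing to delete');
```

The list pages that link to this script would need to submit a form with the CSRF token instead of a plain `delete.php?user_id=N` link. Even with the prepared statement in place, the authorisation check is what closes the reported issue: a correctly parameterised delete that anyone on the internet can call is still an unauthenticated arbitrary record deletion.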