| Field | Value |
|---|---|
| Title | a4m4 Student-Management-System--PHP- 1.0 Authentication Bypass |
| Description | The access control mechanism at the top of almost every file in the `admin/` directory is insufficiently implemented. It checks for a valid session but, after sending a redirect header, fails to terminate script execution (the check is quoted below). Because there is no `exit;` or `die;` statement after the `header()` call, PHP continues to execute the rest of the script, rendering the full protected page (HTML, forms, sensitive data) and sending it to the client along with the 302 redirect. An attacker can simply ignore the redirect instruction and read the response body, thereby gaining unauthorised access to all administrative functionality. |

The access check as quoted in the description:

```php
session_start();
if (isset($_SESSION['uid'])) {
    echo "";   // authenticated: no-op, execution falls through to the page
} else {
    header('location: ../login.php');
    // no exit; or die; here: the script keeps running and renders the page
}
```

| Field | Value |
|---|---|
| Source | https://github.com/a4m4/Student-Management-System--PHP-/issues/2 |
| User | gscsd (UID 97914) |
| Submitted | 2026-05-11 05:59 AM (26 days ago) |
| Moderation | 2026-05-31 04:16 PM (20 days later) |
| Status | Accepted |
| VulDB entry | 367550 [a4m4 Student-Management-System up to f0c5f6842c5e8c431ff02b5260a565ca844df3a0 Admin Endpoint admin/ uid Redirect] |
| Points | 20 |
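The redirect-without-exit pattern the description identifies, as an added PHP example that is not code from the a4m4 project: the guard as written, the same guard hardened with `exit` directly after `header()`, and a CLI run that shows the vulnerable variant still producing the protected body for an unauthenticated request. The function names, the `render_admin_page()` stand-in and the empty `$_SESSION` are constructed for illustration.

```php
<?php
// Added example, not the project's own code. Models the guard at the top of an
// admin/ page and shows why a redirect header without exit is a bypass.
// Run from the CLI (php guard_demo.php): header() is a no-op there, which is
// exactly the situation a client that ignores the 302 creates.

declare(strict_types=1);

// Constructed stand-in for the session state of an unauthenticated request.
// The real pages populate $_SESSION via session_start() after login.
$_SESSION = [];

// The protected content that must never reach an unauthenticated client.
function render_admin_page(): string
{
    return "<h1>Admin dashboard</h1>\n<!-- student records, forms ... -->\n";
}

// Vulnerable pattern from the report: issue the redirect, keep executing.
function admin_page_vulnerable(): string
{
    if (!isset($_SESSION['uid'])) {
        header('Location: ../login.php');
        // no exit; here, so the page body below is still produced and sent
    }
    return render_admin_page();
}

// Hardened pattern: terminate the script right after the redirect header.
// Only the authenticated path ever reaches the return statement.
function admin_page_fixed(): string
{
    if (!isset($_SESSION['uid'])) {
        header('Location: ../login.php', true, 302);
        exit;   // nothing after this line runs; the response body stays empty
    }
    return render_admin_page();
}

// --- demo: what each variant hands back on an unauthenticated request ---
echo "vulnerable guard produced body:\n", admin_page_vulnerable();

// The fixed guard calls exit before returning. A shutdown hook, registered
// before the call, is the only thing that still runs afterwards.
register_shutdown_function(function (): void {
    echo "fixed guard: script terminated before rendering, body empty\n";
});
echo "fixed guard produced body:\n";
echo admin_page_fixed();   // exit fires here; the echo never prints a body
```

The defensive takeaway is that a redirect is advisory to the client, never a control: the server has to stop producing output itself. Rather than repeating the check at the top of every `admin/` file, where one copy missing `exit` is enough to reopen the issue, the guard belongs in a single include that every admin page requires first, so the `exit` is written once.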