Submission #847515: SourceCodester (ampoldev) Online Examination & LMS (CICT Portal) by ampoldev 2026-05-25 Improper Privilege Management

Title: SourceCodester (ampoldev) Online Examination & LMS (CICT Portal) by ampoldev 2026-05-25 Improper Privilege Management
Description: The public registration form at register.php renders an HTML <select> dropdown with the role values (student, instructor). The server-side handler (auth_process.php) reads the role value directly from the POST body and inserts it into the users table without validation. An unauthenticated attacker can intercept the POST request and change the role parameter to any value, including "super_admin", gaining immediate administrative access to the entire system. No server-side allowlist is enforced. The vulnerability requires no existing privileges and is exploitable by any internet user who can reach the registration endpoint.
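The missing control described above is a server-side allowlist. The following is an added example, not code from the CICT Portal project: a registration handler that treats the POSTed role as a hint checked against a fixed allowlist, never as authority. The table and column names, the allowlist contents and the sample requests are assumptions for illustration.

```php
<?php
// Added example, not the CICT Portal's own code. Shows how a public
// registration handler such as auth_process.php can stop trusting the
// POSTed role. Table/column names, allowlist and sample data are assumed.

// Roles that self-service registration may ever produce. Privileged roles
// such as super_admin are deliberately absent: they are granted only by an
// already-authenticated administrator through a separate, authorised path.
const SELF_REGISTRATION_ROLES = ['student', 'instructor'];

/**
 * Map the client-supplied role to a value safe to store, or null to reject.
 * Strict in_array means "Student", "super_admin" or an array are all refused.
 */
function resolve_registration_role(?string $requested): ?string
{
    if ($requested === null || $requested === '') {
        return 'student';                       // safe default when omitted
    }
    return in_array($requested, SELF_REGISTRATION_ROLES, true) ? $requested : null;
}

function register_user(PDO $pdo, array $post): bool
{
    $role = resolve_registration_role($post['role'] ?? null);
    if ($role === null) {
        // A role outside the allowlist from an unauthenticated client is a
        // tampered request: reject it and leave a log line worth alerting on.
        error_log('registration: rejected role ' . json_encode($post['role'] ?? null));
        return false;
    }
    // Prepared statement: the role can only ever be one of the allowlisted strings.
    $stmt = $pdo->prepare(
        'INSERT INTO users (username, password_hash, role) VALUES (:u, :p, :r)'
    );
    return $stmt->execute([
        ':u' => $post['username'] ?? '',
        ':p' => password_hash($post['password'] ?? '', PASSWORD_DEFAULT),
        ':r' => $role,
    ]);
}

// Constructed demo against an in-memory SQLite database (assumed schema).
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)');
var_dump(register_user($pdo, ['username' => 'alice', 'password' => 'pw', 'role' => 'student']));
var_dump(register_user($pdo, ['username' => 'mallory', 'password' => 'pw', 'role' => 'super_admin']));
```

The second call is refused and logged; the first is stored with the allowlisted role.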
Source: https://pastebin.com/Z4i5MGxk
User: ameenkbrd (UID 98192)
Submitted: 2026-06-04 08:56 AM (1 month ago)
Moderation: 2026-07-04 09:55 AM (1 month later)
Status: Accepted
VulDB Entry: 376307 [SourceCodester Online Examination & Learning Management System 1.0 Registration Endpoint register.php role privilege escalation]
Points: 17
