제출 #849496: mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Authorization Bypass Through User-Controlled SQL Primary Key정보

제목mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Authorization Bypass Through User-Controlled SQL Primary Key
설명The affected components are note and assignment object endpoints under `application/PHP/objects/notes/`, including `update_assignment_answer.php`, `retrieve_assignment_answer_to_update.php`, `update_scratch_data.php`, `retrieve_scratch_data_to_update.php`, and `delete_scratch_data.php`. These endpoints accept object identifiers from POST data and call controller methods that read, update, or delete records by primary key without checking authentication or ownership: ```php $assignment_item_id = $_POST["assignment_item_id"]; $answer = $_POST["answer"]; $execute_function->update_assignment_answer($answer, $assignment_item_id); ``` ```php $insert_answer_statement = $this->db_holder->prepare("UPDATE assignment_items SET answer = ? WHERE item_id = ?"); $insert_answer_statement->execute(array($answer, $assignment_item_id)); ``` ```php $new_scratch_data = $_POST["new_scratch_data"]; $scratch_data_id = $_POST["scratch_data_id"]; $execute_function->update_scratch_data($new_scratch_data, $scratch_data_id); ``` ```php $update_statement = $this->db_holder->prepare("UPDATE scratch_data SET scratch_data = ? WHERE scratch_data_id = ?;"); $update_statement->execute(array($new_scratch_data, $scratch_data_id)); ``` An unauthenticated attacker can modify or read other users' assignment answers and scratch notes by guessing numeric IDs. This causes unauthorized data disclosure and tampering.
원천⚠️ https://github.com/mjperpinosa/stumasy/issues/9
사용자
 gscsd (UID 97914)
제출2026. 06. 05. PM 04:53 (29 날 ago)
모더레이션2026. 07. 04. PM 05:50 (29 days later)
상태수락
VulDB 항목376342 [mjperpinosa stumasy 까지 327d1b0f2915ba79d7ef8ebb74553e987609d9be Note Handler/Assignment /PHP/objects/notes assignment_item_id 권한 상승]
포인트들20

Interested in the pricing of exploits?

See the underground prices here!