Submission #786912: QueryMine sms 1.0 Unauthorized Course Deletion (information)

Title: QueryMine sms 1.0 Unauthorized Course Deletion
Description: The admin/deletecourse.php file is responsible for handling the course deletion function in the background management system. However, the code lacks the necessary authentication and authorization verification mechanisms: there is no check on the user's login status (such as verifying the validity of the session cookie) or on administrator role permissions before executing the deletion operation. The key code directly obtains the course ID from the GET request parameter id through $_GET['id'] and concatenates it into the SQL deletion statement DELETE FROM course WHERE course_id='$get_course_id' without any filtering or parameterization. This leads to two high-risk security issues: authentication bypass (attackers can access the interface without logging in) and unauthorized access (any unauthenticated user can arbitrarily delete any course in the system by constructing a valid request, resulting in serious data loss and damage to system functionality). In addition, the project does not have the Issues feature enabled, making it impossible to submit vulnerability reports and repair suggestions to the project maintainers through the official repository.
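The description above names two missing controls (no login or role check, and a GET parameter concatenated straight into the DELETE statement). The following is an added example of how the same endpoint would look with those controls in place; it is not code from the QueryMine sms project. The PDO handle $pdo and the session keys $_SESSION['user_id'] and $_SESSION['role'] are assumed names, not the project's own.

```php
<?php
// Added hardening example (not the QueryMine sms project's own code).
// Assumed names: $pdo is an existing PDO connection; $_SESSION['user_id'] and
// $_SESSION['role'] are hypothetical session keys set at login.
session_start();

// Original pattern described in the report, kept here only as a comment:
//   $get_course_id = $_GET['id'];
//   DELETE FROM course WHERE course_id='$get_course_id'
// No login check, no role check, and the value is concatenated into SQL.

// 1. Authentication: refuse anonymous requests before doing anything else.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Login required');
}

// 2. Authorization: only administrators may delete courses.
if (($_SESSION['role'] ?? '') !== 'admin') {
    http_response_code(403);
    exit('Forbidden');
}

// 3. Input validation: course_id must be a positive integer, not free text.
$courseId = filter_input(
    INPUT_GET,
    'id',
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
if ($courseId === false || $courseId === null) {
    http_response_code(400);
    exit('Invalid course id');
}

// 4. Parameterized query: the value is bound, never interpolated into the SQL.
$stmt = $pdo->prepare('DELETE FROM course WHERE course_id = :id');
$stmt->bindValue(':id', $courseId, PDO::PARAM_INT);
$stmt->execute();

if ($stmt->rowCount() === 0) {
    http_response_code(404);
    exit('No such course');
}

header('Location: courses.php');
```

The order matters: authentication and authorization are settled before the request parameter is even read, so an unauthenticated caller never reaches the query. Because deletion changes state, a practitioner would normally also move it from GET to POST and require a CSRF token, which the report does not cover but which the same handler can enforce in the same place.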
Source: https://github.com/duckpigdog/CVE/blob/main/QueryMine_sms%20PHP%20Project%20Deployment%20Document%20(Windows%20Local)-1.md
User: lzz0403 (UID 96714)
Submission: 24/03/2026 07:47 (25 days ago)
Moderation: 17/04/2026 09:14 (24 days later)
Status: Accepted
VulDB entry: 358034 [QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593 GET Request Parameter admin/deletecourse.php ID SQL Injection]
Points: 20
