| Título | tittuvarghese CollegeManagementSystem 1.0 Session Fixation Leading to Account Takeover |
|---|
| Descrição | The login script initialises a session with `session_start()` at line 3 but fails to regenerate the session identifier after a successful login. When the user’s credentials are validated, the server stores the authentication data into the existing session and redirects to the dashboard:
```php
session_start();
...
$_SESSION['UserAuthData']=$UserAuthData;
header('Location: dashboard.php');
```
Because session_regenerate_id(true) is never called, the session ID remains the same as before the login. An attacker can obtain a valid session ID (e.g., by visiting the site, or by setting an arbitrary PHPSESSID cookie) and trick a victim into authenticating with that same ID. Once the victim logs in, the attacker can reuse the now‑authenticated session ID and gain full access to the victim’s account. |
|---|
| Fonte | ⚠️ https://github.com/tittuvarghese/CollegeManagementSystem/issues/4 |
|---|
| Utilizador | songlan (UID 98308) |
|---|
| Submissão | 18/05/2026 17h33 (há 23 dias) |
|---|
| Moderação | 05/06/2026 10h10 (18 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 368873 [tittuvarghese CollegeManagementSystem /login-form.php session_start UserAuthData Autenticação fraca] |
|---|
| Pontos | 20 |
|---|