| Название | tittuvarghese CollegeManagementSystem 1.0 Privilege Escalation |
|---|
| Описание | After a user logs in, `dashboard.php` unconditionally includes the administrative panel (`admin_page.php`) if the `$UserAuthData` variable is truthy:
```php
if($UserAuthData)
include_once('dashboard_page/admin_page.php');
```
No check is performed against the user’s role (e.g., $UserAuthData['role']). As a result, any authenticated user – including a student – sees the full administrative sidebar and links (e.g., “Users”, “Courses”, “Upload Student Data”). Although the backend actions may still fail due to separate permission checks (if any exist), the student is presented with a fully functional admin interface, and when combined with other missing access control vulnerabilities, this directly leads to privilege escalation and unauthorised data manipulation.
Steps to Reproduce
Log in as a student with valid credentials.
After the redirect, access dashboard.php.
Observe that the page renders the admin menu items, including links to user management and other restricted sections.
Clicking on those links may lead to further administrative actions (depending on the state of access controls on those specific pages). |
|---|
| Источник | ⚠️ https://github.com/tittuvarghese/CollegeManagementSystem/issues/5 |
|---|
| Пользователь | wea5e1 (UID 98306) |
|---|
| Представление | 18.05.2026 18:04 (20 дни назад) |
|---|
| Модерация | 05.06.2026 10:10 (18 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 368874 [tittuvarghese CollegeManagementSystem Admin Interface admin_page.php UserAuthData эскалация привилегий] |
|---|
| Баллы | 20 |
|---|