| Title | PHPGurukul Pre-School Enrollment System 1.0 access control |
|---|
| Description | There is a vertical override vulnerability in the/admin/add-subadmin.php system. In the system design, only super administrators can add sub administrators, but due to the lack of verification of user session identity in request verification. Resulting in low privileged users being able to successfully send requests to add sub administrators directly.Please refer to the following source code for details. |
|---|
| Source | ⚠️ https://github.com/SECWG/cve/issues/3 |
|---|
| User | WenGui (UID 82184) |
|---|
| Submission | 03/05/2025 17:11 (1 Year ago) |
|---|
| Moderation | 03/07/2025 07:21 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 298904 [PHPGurukul Pre-School Enrollment System 1.0 Sub Admin /admin/add-subadmin.php access control] |
|---|
| Points | 19 |
|---|