| Title | SourceCodester Student Result Management System 1.0 Improper Access Control for Register Interface |
|---|---|
| Description | An endpoint (/srms/admin/core/new_user) in SRMS 1.0 allows the creation of admin-level accounts without any authentication or access control. This enables an attacker to send a crafted POST request and register a new privileged user on the system. |
| Source | https://github.com/Watskip/GeneralResearch/blob/main/Exploits/SRMS/Unauthorized%20privileged%20user%20creation.md |
| User | Tensei (UID 85925) |
| Submission | 06/03/2025 16:13 (1 Year ago) |
| Moderation | 06/04/2025 14:33 (22 hours later) |
| Status | Accepted |
| VulDB entry | 311139 [SourceCodester Student Result Management System 1.0 Register Interface /admin/core/new_user access control] |
| Points | 18 |