Submit #829566: sayan365 student-management-system 1.0 Unauthenticated Accessinfo

Titlesayan365 student-management-system 1.0 Unauthenticated Access
Description`edit_marks.php` starts a session with `session_start()` at line 3, but fails to verify whether the user is logged in (e.g., by checking `isset($_SESSION['username'])`). It then proceeds to handle requests based on `$_GET['id']` and `$_POST['update']`, allowing any unauthenticated visitor to view and modify student marks. Key code pattern: ```php session_start(); ... if (isset($_GET['id'])) { // displays existing marks data ... if (isset($_POST['update'])) { // updates marks record } } ```
Source⚠️ https://github.com/sayan365/student-management-system/issues/5
User
 FuB0Y (UID 98142)
Submission05/14/2026 09:47 (2 months ago)
Moderation06/02/2026 15:54 (19 days later)
StatusDuplicate
VulDB entry367927 [sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800 improper authentication]
Points0

Do you need the next level of professionalism?

Upgrade your account now!