| Title | sayan365 student-management-system 1.0 Unauthenticated Access |
|---|
| Description | `edit_marks.php` starts a session with `session_start()` at line 3, but fails to verify whether the user is logged in (e.g., by checking `isset($_SESSION['username'])`). It then proceeds to handle requests based on `$_GET['id']` and `$_POST['update']`, allowing any unauthenticated visitor to view and modify student marks.
Key code pattern:
```php
session_start();
...
if (isset($_GET['id'])) {
// displays existing marks data
...
if (isset($_POST['update'])) {
// updates marks record
}
}
``` |
|---|
| Source | ⚠️ https://github.com/sayan365/student-management-system/issues/5 |
|---|
| User | FuB0Y (UID 98142) |
|---|
| Submission | 05/14/2026 09:47 (2 months ago) |
|---|
| Moderation | 06/02/2026 15:54 (19 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 367927 [sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800 improper authentication] |
|---|
| Points | 0 |
|---|