Submit #829567: sayan365 student-management-system 1.0 Unauthenticated Accessinfo

Titlesayan365 student-management-system 1.0 Unauthenticated Access
DescriptionThe `delete_subject.php` script performs a destructive operation (deletion of a subject from the database) but contains **no authentication or authorisation checks**. It does not call `session_start()` or verify any session variables. The file simply includes the database connection and then deletes a subject based on the `id` parameter supplied via the URL: ```php include 'db.php'; if (isset($_GET['id'])) { $sql = "DELETE FROM subjects WHERE id = $id"; ```
Source⚠️ https://github.com/sayan365/student-management-system/issues/6
User
 FuB0Y (UID 98142)
Submission05/14/2026 09:51 (2 months ago)
Moderation06/02/2026 15:54 (19 days later)
StatusDuplicate
VulDB entry367927 [sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800 improper authentication]
Points0

Want to stay up to date on a daily basis?

Enable the mail alert feature now!