| Title | tittuvarghese CollegeManagementSystem 1.0 Session Fixation Leading to Account Takeover |
|---|
| Description | The login script initialises a session with `session_start()` at line 3 but fails to regenerate the session identifier after a successful login. When the user’s credentials are validated, the server stores the authentication data into the existing session and redirects to the dashboard:
```php
session_start();
...
$_SESSION['UserAuthData']=$UserAuthData;
header('Location: dashboard.php');
```
Because session_regenerate_id(true) is never called, the session ID remains the same as before the login. An attacker can obtain a valid session ID (e.g., by visiting the site, or by setting an arbitrary PHPSESSID cookie) and trick a victim into authenticating with that same ID. Once the victim logs in, the attacker can reuse the now‑authenticated session ID and gain full access to the victim’s account. |
|---|
| Source | ⚠️ https://github.com/tittuvarghese/CollegeManagementSystem/issues/4 |
|---|
| User | songlan (UID 98308) |
|---|
| Submission | 05/18/2026 17:33 (22 days ago) |
|---|
| Moderation | 06/05/2026 10:10 (18 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 368873 [tittuvarghese CollegeManagementSystem /login-form.php session_start UserAuthData session fixiation] |
|---|
| Points | 20 |
|---|