Submit #849496: mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Authorization Bypass Through User-Controlled SQL Primary Key

Title: mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Authorization Bypass Through User-Controlled SQL Primary Key
Description: The affected components are the note and assignment object endpoints under `application/PHP/objects/notes/`, including `update_assignment_answer.php`, `retrieve_assignment_answer_to_update.php`, `update_scratch_data.php`, `retrieve_scratch_data_to_update.php`, and `delete_scratch_data.php`. These endpoints accept object identifiers from POST data and call controller methods that read, update, or delete records by primary key without checking authentication or ownership.

Endpoint side: the record id is taken straight from the request and passed to the controller (`update_assignment_answer.php`):

```php
// Vulnerable as shipped: no login check, no ownership check before the call.
$assignment_item_id = $_POST["assignment_item_id"];
$answer = $_POST["answer"];
$execute_function->update_assignment_answer($answer, $assignment_item_id);
```

Controller side: the UPDATE is scoped only by the caller-supplied primary key:

```php
// Parameterised (no SQL injection), but any item_id is accepted.
$insert_answer_statement = $this->db_holder->prepare("UPDATE assignment_items SET answer = ? WHERE item_id = ?");
$insert_answer_statement->execute(array($answer, $assignment_item_id));
```

The scratch-data path has the same shape (`update_scratch_data.php` and its controller method):

```php
// Vulnerable as shipped: scratch_data_id comes from the client unchecked.
$new_scratch_data = $_POST["new_scratch_data"];
$scratch_data_id = $_POST["scratch_data_id"];
$execute_function->update_scratch_data($new_scratch_data, $scratch_data_id);
```

```php
// Again scoped only by the client-chosen primary key.
$update_statement = $this->db_holder->prepare("UPDATE scratch_data SET scratch_data = ? WHERE scratch_data_id = ?;");
$update_statement->execute(array($new_scratch_data, $scratch_data_id));
```

An unauthenticated attacker can modify or read other users' assignment answers and scratch notes by guessing numeric IDs. This causes unauthorized data disclosure and tampering.
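The fix is to gate the endpoint on an authenticated session and to bind the caller's identity into the WHERE clause, so a foreign primary key matches nothing. The following is an added example, not stumasy's code; it assumes an owner column (`user_id`) on `assignment_items`, a session key `$_SESSION['user_id']` set at login, and the `pdo_sqlite` extension for the self-contained demo.

```php
<?php
// Added example (not stumasy code). Assumes an owner column `user_id`
// on assignment_items and that login stores the user id in the session.
declare(strict_types=1);

// Authentication gate: the original endpoints have none.
function current_user_id(): ?int
{
    return isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
}

// Hardened form of update_assignment_answer(): the caller's id is part of
// the WHERE clause, so a guessed item_id owned by someone else updates
// zero rows. Returns false when the row is missing or not owned.
function update_assignment_answer_owned(PDO $db, int $user_id, int $item_id, string $answer): bool
{
    $stmt = $db->prepare(
        'UPDATE assignment_items SET answer = ? WHERE item_id = ? AND user_id = ?'
    );
    $stmt->execute([$answer, $item_id, $user_id]);
    return $stmt->rowCount() === 1;
}

// Constructed in-memory schema and rows for the demo (not the project's schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE assignment_items (item_id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, answer TEXT)');
$db->exec("INSERT INTO assignment_items VALUES (1, 100, 'alice original'), (2, 200, 'bob original')");

$_SESSION = ['user_id' => 100];   // simulate a logged-in user (constructed)
$user = current_user_id();
if ($user === null) {
    http_response_code(401);      // reject unauthenticated callers outright
    exit;
}

// Own item: the update goes through.
if (!update_assignment_answer_owned($db, $user, 1, 'alice edited')) {
    throw new RuntimeException('own item should be updatable');
}
// Someone else's item id: rejected, and the stored answer is untouched.
if (update_assignment_answer_owned($db, $user, 2, 'tampered')) {
    throw new RuntimeException('foreign item must not be updatable');
}
$kept = $db->query('SELECT answer FROM assignment_items WHERE item_id = 2')->fetchColumn();
if ($kept !== 'bob original') {
    throw new RuntimeException('foreign row was modified');
}
echo "ownership checks hold\n";
```

The same pattern (session check plus `AND user_id = ?`) applies to the retrieve and delete endpoints, where a SELECT or DELETE scoped only by `scratch_data_id` has the identical flaw.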
Source: https://github.com/mjperpinosa/stumasy/issues/9
User: gscsd (UID 97914)
Submission: 06/05/2026 16:53 (29 days ago)
Moderation: 07/04/2026 17:50 (29 days later)
Status: Accepted
VulDB entry: 376342 [mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be Note Handler/Assignment /PHP/objects/notes assignment_item_id authorization]
Points: 20
