| tiêu đề | raisulislamg4 student_management_system_by_php 1.0 Unauthenticated Arbitrary Record Deletion |
|---|
| Mô tả | The `delete.php` script allows the deletion of various records (users, courses, teachers, students, applications) based on URL parameters (`user_id`, `course_id`, `teacher_id`, `student_id`, `application_id`) **without any authentication or authorisation**. The file does not check whether the requester is logged in, nor does it validate that the caller has permission to perform deletions. Additionally, the SQL queries are built by directly concatenating the unsanitised `$_GET` values, making the endpoint also vulnerable to SQL injection.
Example vulnerable code:
```php
require_once "db_con.php";
if ($_GET['user_id']) {
$user_id = $_GET['user_id'];
$sql = "DELETE FROM USERS WHERE ID='$user_id'";
$result = mysqli_query($data, $sql);
if ($result) {
header("location:user_list.php");
}
} |
|---|
| Nguồn | ⚠️ https://github.com/raisulislamg4/student_management_system_by_php/issues/3 |
|---|
| Người dùng | buerchen (UID 97910) |
|---|
| Đệ trình | 08/05/2026 06:26 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 31/05/2026 09:59 (23 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 367505 [raisulislamg4 student_management_system_by_php đến 310d950e09013d5133c6b9210aff9444382d16d1 delete.php Tiêm SQL] |
|---|
| điểm | 20 |
|---|