| tiêu đề | tittuvarghese CollegeManagementSystem 1.0 Session Fixation Leading to Account Takeover |
|---|
| Mô tả | The login script initialises a session with `session_start()` at line 3 but fails to regenerate the session identifier after a successful login. When the user’s credentials are validated, the server stores the authentication data into the existing session and redirects to the dashboard:
```php
session_start();
...
$_SESSION['UserAuthData']=$UserAuthData;
header('Location: dashboard.php');
```
Because session_regenerate_id(true) is never called, the session ID remains the same as before the login. An attacker can obtain a valid session ID (e.g., by visiting the site, or by setting an arbitrary PHPSESSID cookie) and trick a victim into authenticating with that same ID. Once the victim logs in, the attacker can reuse the now‑authenticated session ID and gain full access to the victim’s account. |
|---|
| Nguồn | ⚠️ https://github.com/tittuvarghese/CollegeManagementSystem/issues/4 |
|---|
| Người dùng | songlan (UID 98308) |
|---|
| Đệ trình | 18/05/2026 17:33 (cách đây 22 ngày) |
|---|
| Kiểm duyệt | 05/06/2026 10:10 (18 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 368873 [tittuvarghese CollegeManagementSystem /login-form.php session_start UserAuthData xác thực yếu] |
|---|
| điểm | 20 |
|---|