Submission #832582: tittuvarghese CollegeManagementSystem 1.0 Privilege Escalation - Info

Title: tittuvarghese CollegeManagementSystem 1.0 Privilege Escalation
Description:

After a user logs in, `dashboard.php` unconditionally includes the administrative panel (`dashboard_page/admin_page.php`) whenever the `$UserAuthData` variable is truthy:

```php
if($UserAuthData) include_once('dashboard_page/admin_page.php');
```

No check is performed against the user's role (e.g. `$UserAuthData['role']`). As a result, any authenticated user, including a student, is served the full administrative sidebar and its links ("Users", "Courses", "Upload Student Data"). The backend actions behind those links may still fail if separate permission checks exist on the individual pages, but the student is presented with a fully functional admin interface; combined with other missing access controls, this leads directly to privilege escalation and unauthorised data manipulation.

Steps to Reproduce:

1. Log in as a student with valid credentials.
2. After the redirect, access `dashboard.php`.
3. Observe that the page renders the admin menu items, including links to user management and other restricted sections.
4. Clicking those links may lead to further administrative actions, depending on the access controls present on those specific pages.
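The pattern above, and one way to correct it, as an added example that is not code from the CollegeManagementSystem project: the vulnerable branch gates the admin panel on a truthy auth record only, while the fixed branch denies by default and requires an explicit role match. The shape of `$UserAuthData` (an array with a `role` key), the role names, and the `require_role()` guard are assumptions made for the example; the sample records are constructed.

```php
<?php
declare(strict_types=1);

// Constructed sample records standing in for whatever the login code loads.
// Assumption: the auth record is an array with a 'role' key.
const SAMPLE_STUDENT = ['id' => 17, 'username' => 'student1', 'role' => 'student'];
const SAMPLE_ADMIN   = ['id' => 1,  'username' => 'admin',    'role' => 'admin'];

// Vulnerable form, as described in the report: any truthy auth record is
// enough to load the admin panel. The returned string stands in for
// include_once('dashboard_page/admin_page.php').
function render_dashboard_vulnerable($UserAuthData): string
{
    if ($UserAuthData) {
        return 'dashboard_page/admin_page.php';
    }
    return 'login.php';
}

// Role check: strict comparison against an explicit role, never a truthiness test.
function user_has_role($UserAuthData, string $required): bool
{
    return is_array($UserAuthData)
        && isset($UserAuthData['role'])
        && $UserAuthData['role'] === $required;
}

// Hardened form: deny by default, route each role to its own panel.
function render_dashboard_fixed($UserAuthData): string
{
    if (!is_array($UserAuthData)) {
        return 'login.php';
    }
    if (user_has_role($UserAuthData, 'admin')) {
        return 'dashboard_page/admin_page.php';
    }
    if (user_has_role($UserAuthData, 'student')) {
        return 'dashboard_page/student_page.php';   // assumed page name
    }
    return 'login.php';   // unknown role: treat as unauthenticated
}

// Guard for the top of every admin-only page (users, courses, uploads).
// Hiding the sidebar link is not enough; each action page must enforce the
// role itself, because the URL can be requested directly.
function require_role($UserAuthData, string $required): void
{
    if (!user_has_role($UserAuthData, $required)) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Demonstration: a student reaches the admin panel in the vulnerable version,
// but is routed to the student panel in the fixed one.
echo render_dashboard_vulnerable(SAMPLE_STUDENT), PHP_EOL;  // dashboard_page/admin_page.php
echo render_dashboard_fixed(SAMPLE_STUDENT), PHP_EOL;       // dashboard_page/student_page.php
echo render_dashboard_fixed(SAMPLE_ADMIN), PHP_EOL;         // dashboard_page/admin_page.php
```

The two defensive points the report implies are both present here: `render_dashboard_fixed()` never includes the admin panel on truthiness alone, and `require_role()` is meant to be called at the top of each admin page so that an authorisation gap in the menu cannot be turned into one in the action itself.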
Source: https://github.com/tittuvarghese/CollegeManagementSystem/issues/5
User: wea5e1 (UID 98306)
Submitted: 18/05/2026 18:04 (21 days ago)
Moderated: 05/06/2026 10:10 (18 days later)
Status: accepted
VulDB Entry: 368874 [tittuvarghese CollegeManagementSystem Admin Interface admin_page.php UserAuthData privilege escalation]
Points: 20