Submission #829545: sayan365 student-management-system 1.0 Unauthenticated Access (Info)

Title: sayan365 student-management-system 1.0 Unauthenticated Access
Description: The `edit_attendance.php` script, which allows viewing and modifying attendance records, lacks any form of authentication or authorisation. It does not call `session_start()` and never checks for a valid login session (e.g., `$_SESSION['username']`). The file simply includes the database connection and then processes requests based on `$_GET['id']`. Key code snippet:

```php
<?php include 'db.php'; ?>
...
if (isset($_GET['id'])) {
    // displays existing attendance data
    ...
    if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['id'])) {
        // updates attendance
    }
}
```
Source: ⚠️ https://github.com/sayan365/student-management-system/issues/3
User: ciyou (UID 97928)
Submission: 2026-05-14 09:32 (21 days ago)
Moderation: 2026-06-02 15:54 (19 days later)
Status: Accepted
VulDB entry: 367927 [sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800 weak authentication]
Points: 20
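
An added audit example, not part of the submission or of the project's code: a Python check that flags PHP scripts which read request input while no `session_start()` plus `$_SESSION` check is reachable, either in the script itself or through its includes. It assumes a flat source directory; `auth.php`, `edit_marks.php` and `report.php` are hypothetical files constructed for the sample, and only `edit_attendance.php` mirrors the snippet in the description.

```python
import re

# Heuristic patterns; comment stripping is naive and ignores string literals.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]([^'\"]+)['\"]")
REQUEST_INPUT = re.compile(r"\$_(?:GET|POST|REQUEST)\s*\[")
SESSION_START = re.compile(r"\bsession_start\s*\(")
SESSION_READ = re.compile(r"\$_SESSION\s*\[")

def strip_comments(src):
    # A commented-out session_start() must not count as a guard.
    return COMMENTS.sub("", src)

def reachable_code(name, files, seen):
    """Comment-stripped source of a script plus everything it includes, transitively."""
    if name in seen or name not in files:
        return ""
    seen.add(name)
    code = strip_comments(files[name])
    return code + "".join(reachable_code(i, files, seen) for i in INCLUDE.findall(code))

def unauthenticated_endpoints(files):
    """Names of scripts that read request input but never start and check a session."""
    flagged = []
    for name in sorted(files):
        if not REQUEST_INPUT.search(strip_comments(files[name])):
            continue  # not a request handler, e.g. db.php
        code = reachable_code(name, files, set())
        if not (SESSION_START.search(code) and SESSION_READ.search(code)):
            flagged.append(name)
    return flagged

# Constructed sample tree; only edit_attendance.php mirrors the snippet above.
SAMPLE = {
    "db.php": "<?php $conn = new mysqli('localhost', 'app', 'secret', 'sms'); ?>",
    "auth.php": "<?php session_start();\n"
                "if (!isset($_SESSION['username'])) { header('Location: login.php'); exit; }",
    "edit_attendance.php": "<?php include 'db.php'; ?>\n"
                "<?php if (isset($_GET['id'])) { // displays existing attendance data\n"
                "  if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_GET['id'])) { } }",
    "edit_marks.php": "<?php require_once 'auth.php'; include 'db.php';\n"
                "if (isset($_GET['id'])) { /* guarded through auth.php */ }",
    "report.php": "<?php\n// session_start();\n/* isset($_SESSION['username']) */\n"
                "include 'db.php';\nif (isset($_POST['student'])) { }",
}

if __name__ == "__main__":
    for script in unauthenticated_endpoints(SAMPLE):
        print("no session check reachable:", script)
```

A flagged script is a candidate for review rather than a confirmed finding, since the check does not verify that the session test actually stops execution for anonymous requests.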
