| 标题 | LakshayD02 GitHub Hostel Management System PHP f87e67c283bab6f718faf2fec6ae39a13bd7036b Improper Authorization |
|---|
| 描述 | Hostel Management System PHP contains a missing authorization vulnerability in the admin panel. The normal user login flow sets $_SESSION['id'], and the admin authorization helper only checks whether $_SESSION['id'] is non-empty. It does not verify that the session belongs to an administrator.
In hostel/index.php, a successful ordinary user login sets $_SESSION['id'] and $_SESSION['login']. In hostel/admin/includes/checklogin.php, the admin authorization check only verifies if strlen($_SESSION['id']) == 0. Since ordinary users and administrators share the same $_SESSION['id'] session key, an authenticated ordinary student user can access admin-only pages.
The issue was verified on commit f87e67c283bab6f718faf2fec6ae39a13bd7036b. After logging in as the ordinary user [email protected] / rohansharma from hostel.sql, the following admin pages return HTTP/1.1 200 OK: /admin/dashboard.php, /admin/manage-students.php, /admin/create-room.php, and /admin/add-courses.php.
Impact: an ordinary authenticated user can access the admin dashboard, view student records, access management pages, and reach administrative functionality such as adding courses, adding rooms, viewing complaints, and potentially modifying or deleting records.
CWE: CWE-862 Missing Authorization.
Suggested CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 8.8 High. |
|---|
| 来源 | ⚠️ https://github.com/LakshayD02/Hostel-Management-System-PHP/issues/1 |
|---|
| 用户 | xady (UID 77122) |
|---|
| 提交 | 2026-05-17 03時41分 (24 日前) |
|---|
| 管理 | 2026-06-04 07時46分 (18 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 368263 [LakshayD02 Hostel-Management-System-PHP 直到 f87e67c283bab6f718faf2fec6ae39a13bd7036b Admin Dashboard Page hostel/index.php 标识符 权限提升] |
|---|
| 积分 | 20 |
|---|