| 标题 | tittuvarghese CollegeManagementSystem 1.0 Privilege Escalation |
|---|
| 描述 | After a user logs in, `dashboard.php` unconditionally includes the administrative panel (`admin_page.php`) if the `$UserAuthData` variable is truthy:
```php
if($UserAuthData)
include_once('dashboard_page/admin_page.php');
```
No check is performed against the user’s role (e.g., $UserAuthData['role']). As a result, any authenticated user – including a student – sees the full administrative sidebar and links (e.g., “Users”, “Courses”, “Upload Student Data”). Although the backend actions may still fail due to separate permission checks (if any exist), the student is presented with a fully functional admin interface, and when combined with other missing access control vulnerabilities, this directly leads to privilege escalation and unauthorised data manipulation.
Steps to Reproduce
Log in as a student with valid credentials.
After the redirect, access dashboard.php.
Observe that the page renders the admin menu items, including links to user management and other restricted sections.
Clicking on those links may lead to further administrative actions (depending on the state of access controls on those specific pages). |
|---|
| 来源 | ⚠️ https://github.com/tittuvarghese/CollegeManagementSystem/issues/5 |
|---|
| 用户 | wea5e1 (UID 98306) |
|---|
| 提交 | 2026-05-18 18時04分 (23 日前) |
|---|
| 管理 | 2026-06-05 10時10分 (18 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 368874 [tittuvarghese CollegeManagementSystem Admin Interface admin_page.php UserAuthData 权限提升] |
|---|
| 积分 | 20 |
|---|