A4m4 Student Management System Admin Endpoint Authentication Bypass Vulnerability

An authentication bypass vulnerability has been identified in the A4m4 Student Management System in the admin directory. This flaw affects an unknown function within the admin endpoint component, in versions prior to f0c5f6842c5e8c431ff02b5260a565ca844df3a0. The vulnerability arises because the access control mechanism fails to properly terminate script execution after sending a redirect header. As a result, unauthorized users can access protected pages and administrative functionalities remotely. The issue has been publicly disclosed and exploited.

Impact

Exploitation of this vulnerability leads to a complete bypass of authentication, allowing unauthorized users to access, modify, and delete data within the application. Additionally, sensitive information typically restricted to administrators, such as student records and configuration data, is exposed. This vulnerability could also be exploited in conjunction with other issues, like SQL injection or stored cross-site scripting, to compromise the entire system.

Reproduction

To reproduce this vulnerability, send a request to any PHP file within the admin directory, such as 'updatestudent.php', without a valid session cookie. The response will include a 302 redirect to the login page, but also the full content of the requested admin page, including forms and sensitive data, effectively bypassing authentication.