CodeIgniter Student Management System Unauthenticated Access Vulnerability
Vulnerability
A vulnerability exists in the CodeIgniter Student Management System developed by hemant6488. The issue is located in the 'Students' controller, specifically within the 'addStudentView' function. The affected code performs no authentication or authorization check, so the controller's actions can be reached remotely without a valid login session; this is an improper access control weakness. As a result, unauthenticated users can access and manipulate student management functionality, including viewing, adding, editing, and deleting student records.
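The pattern below is an added illustration, not code from the hemant6488 project (whose controller is not reproduced here). It contrasts a CodeIgniter 3 style controller whose actions are reachable by anyone with a guarded version that enforces the session check once in the constructor, so every action in the controller, including addStudentView, is covered. The session keys 'logged_in' and 'role', the 'auth/login' route, the view path and the class names are assumptions for the example.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Constructed example: the unguarded shape. Nothing checks who the caller is,
// so any remote client can render the add-student form and reach the other
// actions. (Class name chosen for illustration; a real app has one Students class.)
class Students_Unguarded extends CI_Controller
{
    public function addStudentView()
    {
        $this->load->view('students/add'); // assumed view path
    }
}

// Constructed example: the guarded shape. The check lives in the constructor,
// which CodeIgniter runs before any action method, so a new action added later
// cannot be accidentally left exposed.
class Students extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');

        // Authentication: no valid login session, send the caller to the login page.
        // 'logged_in' and 'auth/login' are assumed names.
        if (!$this->session->userdata('logged_in')) {
            redirect('auth/login');
            exit; // redirect() already exits in CI3; kept explicit for clarity
        }

        // Authorization: the page describes both checks as missing, so the
        // guarded form also requires an appropriate role (assumed 'admin').
        if ($this->session->userdata('role') !== 'admin') {
            show_error('Forbidden', 403);
        }
    }

    public function addStudentView()
    {
        $this->load->view('students/add'); // assumed view path
    }

    public function add()
    {
        // Further actions inherit the constructor checks automatically.
        $this->load->model('Student_model'); // assumed model name
        $this->Student_model->insert($this->input->post(null, true));
        redirect('students');
    }
}
```

A useful verification after applying such a fix is to request each controller action with no session cookie and confirm that a redirect or 403 is returned instead of the HTTP 200 described in the Reproduction section.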
Impact
Exploitation of this vulnerability allows unauthenticated users to access sensitive student information and perform unauthorized actions such as adding, editing, or deleting student records. This could lead to a loss of data integrity and potential reputational damage for the institution.
Reproduction
To reproduce this vulnerability, access the 'Students' controller endpoints without logging in. The absence of authentication checks will result in a successful HTTP 200 response, granting access to the student management functionalities. This can be done using a tool like curl to send a request to the 'addStudentView' endpoint, which will also succeed without authentication.
