A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controllers/AdminController.php of the component Profile Update Endpoint. The manipulation of the argument isadmin leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The project was informed of the problem early through an issue report but has not responded yet.
A privilege escalation vulnerability exists in Kushan2k student-management-system where the edit-admin function improperly validates the isadmin parameter, allowing unauthorized users to elevate their privileges. The vulnerability affects the Profile Update Endpoint in AdminController.php and is remotely exploitable with public exploit code available.
يؤثر هذا الضعف على وظيفة edit-admin في ملف AdminController.php حيث يمكن للمهاجمين التلاعب بمعامل isadmin لتجاوز فحوصات التفويض. يسمح الضعف بالاستغلال عن بعد وقد تم الكشف عن رمز الاستغلال علناً.
An authorization bypass vulnerability has been discovered in Kushan2k student-management-system that allows attackers to manipulate the isadmin parameter and gain administrative privileges without proper validation. The flaw exists in the edit-admin function and can be exploited remotely by unauthenticated users.
Update Kushan2k student-management-system to the latest version beyond commit f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Implement strict server-side validation of the isadmin parameter with role-based access control. Verify user authorization before processing profile updates. Apply input validation and sanitization for all administrative parameters. Monitor access logs for suspicious privilege escalation attempts.
قم بتحديث نظام Kushan2k لإدارة الطلاب إلى أحدث إصدار بعد الالتزام المحدد. طبق التحقق الصارم من جانب الخادم لمعامل isadmin مع التحكم في الوصول القائم على الأدوار. تحقق من تفويض المستخدم قبل معالجة تحديثات الملف الشخصي. طبق التحقق من صحة المدخلات والتنظيف لجميع المعاملات الإدارية. راقب سجلات الوصول للكشف عن محاولات تصعيد الامتيازات المريبة.