Unauthorized access to the online examination system

[bjmy18]

1、Log in to the teacher account, edit it in student management, capture the package, delete the cookie, and still be able to access it. Unauthorized access is found

2、Try to modify the student's content information, for example: change the original password 123456 to 666666

3、At this time, I logged into the student account again and found that the password was changed to 666666, and successfully completed the login

4、In the source code audit, it was found that no permission identification was done