College Management System 1.0 suffers from an insecure direct object reference that allows a user to add an administrator without any authentication. Continue reading...