diff --git a/vulnerabilities/authbypass/change_user_details.php b/vulnerabilities/authbypass/change_user_details.php
index bf4886fa6..da54d5957 100644
--- a/vulnerabilities/authbypass/change_user_details.php
+++ b/vulnerabilities/authbypass/change_user_details.php
@@ -10,6 +10,7 @@
 
 if (dvwaSecurityLevelGet() == "impossible" && dvwaCurrentUser() != "admin") {
 	print json_encode (array ("result" => "fail", "error" => "Access denied"));
+	exit;
 }
 
 if ($_SERVER['REQUEST_METHOD'] != "POST") {
diff --git a/vulnerabilities/authbypass/get_user_data.php b/vulnerabilities/authbypass/get_user_data.php
index 941e80945..f2eb7c2fa 100644
--- a/vulnerabilities/authbypass/get_user_data.php
+++ b/vulnerabilities/authbypass/get_user_data.php
@@ -9,6 +9,7 @@
 */
 if ((dvwaSecurityLevelGet() == "high" || dvwaSecurityLevelGet() == "impossible") && dvwaCurrentUser() != "admin") {
 	print json_encode (array ("result" => "fail", "error" => "Access denied"));
+	exit;
 }
 
 $query  = "SELECT user_id, first_name, last_name FROM users";