| عنوان | SourceCodester Student Result Management System 1.0 Path Traversal |
|---|
| الوصف | User can delete files through `academic/core/drop_student.php`. Users must authenticate with valid credentials to access the system. A vulnerability exists in the file deletion functionality where improper validation of the `img` parameter allows attackers to perform path traversal. By manipulating the parameter value, authenticated users can delete arbitrary files on the server, including critical system files, potentially leading to denial of service or further exploitation. |
|---|
| المصدر | ⚠️ https://github.com/Xiaoyi-ing/CVE/issues/4 |
|---|
| المستخدم | me1ody (UID 84857) |
|---|
| ارسال | 02/05/2025 09:53 AM (12 أشهر منذ) |
|---|
| الاعتدال | 15/05/2025 09:00 AM (13 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 309022 [SourceCodester Student Result Management System 1.0 drop_student.php img اجتياز الدليل] |
|---|
| النقاط | 20 |
|---|