| Title | SourceCodester Student Result Management System 1.0 Cleartext Storage of Sensitive Information |
|---|---|
| Description | A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as critical. This affects an unknown part of the file /srms/login_credentials.txt. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack remotely without authentication. No user interaction is required. The file login_credentials.txt is stored within the web-accessible root directory without any access restriction. An unauthenticated attacker can retrieve plaintext login credentials for all four user roles (Administrator, Academic Teacher, Teacher, Student) by sending a direct HTTP GET request to the file path. |
| Source | ⚠️ https://drive.google.com/file/d/1moQEev6skJoIe7UlL6YyR2xGgX5smeXb/view?usp=sharing |
| User | Humraaz21 (UID 96305) |
| Submission | 18/03/2026 07:27 AM (29 days ago) |
| Moderation | 04/04/2026 08:31 AM (17 days later) |
| Status | Accepted |
| VulDB Entry | 355284 [SourceCodester Student Result Management System 1.0 HTTP GET Request /login_credentials.txt information disclosure] |
| Points | 20 |