| Titel | SourceCodester Student Result Management System 1.0 Path Traversal |
|---|
| Beschreibung | User can delete files through `academic/core/drop_student.php`. Users must authenticate with valid credentials to access the system. A vulnerability exists in the file deletion functionality where improper validation of the `img` parameter allows attackers to perform path traversal. By manipulating the parameter value, authenticated users can delete arbitrary files on the server, including critical system files, potentially leading to denial of service or further exploitation. |
|---|
| Quelle | ⚠️ https://github.com/Xiaoyi-ing/CVE/issues/4 |
|---|
| Benutzer | me1ody (UID 84857) |
|---|
| Einreichung | 02.05.2025 09:53 (vor 12 Monaten) |
|---|
| Moderieren | 15.05.2025 09:00 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 309022 [SourceCodester Student Result Management System 1.0 drop_student.php img Directory Traversal] |
|---|
| Punkte | 20 |
|---|