| Título | PHPGurukul Online Notes Sharing System 1.0 Improper Neutralization of Data within XPath Expressions |
|---|
| Descripción | A critical vulnerability was discovered in the PHP Gurukul - Online Notes Sharing System, a web application designed to manage and share academic notes among students and faculty. The vulnerability affects the session management logic handled via cookies and specifically targets the sessionid cookie used during authentication and user tracking.
The flaw allows attackers to perform XPath Injection by supplying specially crafted values in the sessionid cookie. Due to improper neutralization of input within XPath expressions, the application becomes vulnerable to logic manipulation, authentication bypass, and potential data extraction from the backend XML data store (e.g., usernames, passwords). |
|---|
| Fuente | ⚠️ https://github.com/Vanshdhawan188/Online-Notes-Sharing-System-Php-Gurukul-Python/blob/main/Online-Notes-Sharing-System-Php-Gurukul-Python-Xpath-Injection.md |
|---|
| Usuario | Subhash Paudel (UID 66830) |
|---|
| Sumisión | 2025-06-29 13:46 (hace 10 meses) |
|---|
| Moderación | 2025-07-07 08:02 (8 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 315093 [PHPGurukul Online Notes Sharing System 1.0 Cookie /Dashboard sessionid inyección SQL] |
|---|
| Puntos | 20 |
|---|