| Título | SourceCodester Student Result Management System 1.0 Cleartext Storage of Sensitive Information |
|---|
| Descripción | A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as critical. This affects an unknown part of the file /srms/login_credentials.txt. The manipulation leads to cleartext storage of sensitive information.
It is possible to launch the attack remotely without authentication. No user interaction is required. The file login_credentials.txt is stored within the web-accessible root directory without any access restriction.
An unauthenticated attacker can retrieve plaintext login credentials for all four user roles (Administrator, Academic Teacher, Teacher, Student) by sending a direct HTTP GET request to the file path. |
|---|
| Fuente | ⚠️ https://drive.google.com/file/d/1moQEev6skJoIe7UlL6YyR2xGgX5smeXb/view?usp=sharing |
|---|
| Usuario | Humraaz21 (UID 96305) |
|---|
| Sumisión | 2026-03-18 07:27 (hace 29 días) |
|---|
| Moderación | 2026-04-04 08:31 (17 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 355284 [SourceCodester Student Result Management System 1.0 HTTP GET Request /login_credentials.txt divulgación de información] |
|---|
| Puntos | 20 |
|---|