| शीर्षक | Code-Projects 学生文件管理系统 V1.0 越权 |
|---|
| विवरण | A privilege escalation vulnerability was discovered in the "/download.php" file of the "Student Profile Management System PHP". The reason for the issue is that after the attacker logs in with valid credentials, they can download files that do not belong to them by changing the value of "store_id". The application failed to properly sanitize or verify during the download process. This allowed the attacker to download sensitive files, which could potentially lead to the server being compromised. |
|---|
| स्रोत | ⚠️ https://github.com/Bai-public/CVE/issues/5 |
|---|
| उपयोगकर्ता | Mountain Ghost (UID 92943) |
|---|
| सबमिशन | 27/12/2025 05:41 AM (6 महीनों पहले) |
|---|
| संयम | 28/12/2025 02:07 PM (1 day later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 338598 [code-projects Student File Management System 1.0 File Download /download.php store_id अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|