| Title | SourceCodester Online Examination & Learning Management System using PHP and MySQL 0 Use of Hard-coded Password |
|---|
| Description | During the assessment of this project (Online Examination & Learning Management System using PHP and MySQL), it was observed that the application has a hardcoded password used during the import of user data.
This happens in "import_users.php" on line 58.
`$raw_password = (!empty($data[10])) ? $data[10] : "CICT_2026"; // VULNERABLE`
Ideally, the password should be encrypted or moved to .env (not pushed to PROD), or secured within the database that the application calls at runtime. |
|---|
| User | Kamran Saifullah (UID 4218) |
|---|
| Submission | 25/05/2026 01:04 PM (16 days ago) |
|---|
| Moderation | 08/06/2026 07:18 AM (14 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 369162 [SourceCodester Online Examination & Learning Management System 1.0 import_users.php raw_password weak authentication] |
|---|
| Points | 17 |
|---|
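
One way to remove the shared fallback from the import path, shown as an added example that is not code from the project or from the submitter. It assumes, as in the quoted line, that column 10 of each CSV row holds the password; the helper name `resolve_import_password` and the `must_change` field are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not from the project: picks the password for one imported row.
// $data is one parsed CSV row; index 10 is the password column, as in the quoted line.
function resolve_import_password(array $data): array
{
    $supplied = isset($data[10]) ? trim((string) $data[10]) : '';

    if ($supplied !== '') {
        return ['password' => $supplied, 'generated' => false];
    }

    // No shared fallback: each account gets its own random one-time password.
    // 12 random bytes -> 16 URL-safe base64 characters (96 bits of entropy).
    $random = rtrim(strtr(base64_encode(random_bytes(12)), '+/', '-_'), '=');

    return ['password' => $random, 'generated' => true];
}

// Constructed sample rows: 11 columns, password in column 10.
$rows = [
    array_merge(array_fill(0, 10, 'x'), ['S3t-by-admin!']),
    array_merge(array_fill(0, 10, 'x'), ['']),
    array_merge(array_fill(0, 10, 'x'), ['']),
];

foreach ($rows as $i => $row) {
    $result = resolve_import_password($row);
    // Store only the hash; password_hash() salts each value itself.
    $hash = password_hash($result['password'], PASSWORD_DEFAULT);
    // 'must_change' is an assumed column that forces a reset at first login.
    $record = ['password_hash' => $hash, 'must_change' => $result['generated']];

    printf(
        "row %d: generated=%s verify=%s\n",
        $i,
        $result['generated'] ? 'yes' : 'no',
        password_verify($result['password'], $record['password_hash']) ? 'ok' : 'fail'
    );
}
```

The generated value has to reach the user through a separate channel, since only its hash is stored.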