| Titolo | sourcecodester Employee and visitor pass logging system v1.0 Directory traversal |
|---|
| Descrizione | The employee and visitor pass login system 1.0 has an unrestricted directory traversal attack, the attack method is /employee_gatepass/database/ /employee_gatepass/dist/ /employee_gatepass/libs/ /employee_gatepass/uploads/. Accessing the following route will allow unrestricted access to any file in the directory and can directly download it, thereby obtaining sensitive information from the server. |
|---|
| Fonte | ⚠️ https://github.com/happytraveller-alone/cve/blob/main/dir.md |
|---|
| Utente | happytraveller (UID 82753) |
|---|
| Sottomissione | 13/03/2025 13:02 (1 Anno fa) |
|---|
| Moderazione | 22/03/2025 09:10 (9 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 300667 [SourceCodester Employee and Visitor Gate Pass Logging System 1.0 rivelazione di informazioni] |
|---|
| Punti | 20 |
|---|