| 제목 | SourceCodester Student Result Management System 1.0 Path Traversal |
|---|
| 설명 | User can delete files through `academic/core/drop_student.php`. Users must authenticate with valid credentials to access the system. A vulnerability exists in the file deletion functionality where improper validation of the `img` parameter allows attackers to perform path traversal. By manipulating the parameter value, authenticated users can delete arbitrary files on the server, including critical system files, potentially leading to denial of service or further exploitation. |
|---|
| 원천 | ⚠️ https://github.com/Xiaoyi-ing/CVE/issues/4 |
|---|
| 사용자 | me1ody (UID 84857) |
|---|
| 제출 | 2025. 05. 02. AM 09:53 (12 개월 ago) |
|---|
| 모더레이션 | 2025. 05. 15. AM 09:00 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 309022 [SourceCodester Student Result Management System 1.0 drop_student.php img 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|