| Title | PHPGurukul Online Notes Sharing System 1.0 Improper Neutralization of Data within XPath Expressions |
|---|---|
| Description | A critical vulnerability was discovered in the PHP Gurukul - Online Notes Sharing System, a web application designed to manage and share academic notes among students and faculty. The vulnerability affects the cookie-based session management logic, specifically the sessionid cookie used during authentication and user tracking. The flaw allows attackers to perform XPath Injection by supplying specially crafted values in the sessionid cookie. Due to improper neutralization of input within XPath expressions, the application becomes vulnerable to logic manipulation, authentication bypass, and potential data extraction from the backend XML data store (e.g., usernames, passwords). |
| Source | ⚠️ https://github.com/Vanshdhawan188/Online-Notes-Sharing-System-Php-Gurukul-Python/blob/main/Online-Notes-Sharing-System-Php-Gurukul-Python-Xpath-Injection.md |
| User | Subhash Paudel (UID 66830) |
| Submission | 2025-06-29 01:46 PM (10 months ago) |
| Moderation | 2025-07-07 08:02 AM (8 days later) |
| Status | Accepted |
| VulDB entry | 315093 [PHPGurukul Online Notes Sharing System 1.0 Cookie /Dashboard sessionid SQL injection] |
| Points | 20 |