| Title | SourceCodester Student Result Management System 1.0 Cleartext Storage of Sensitive Information |
|---|---|
| Description | A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as critical. This affects an unknown part of the file /srms/login_credentials.txt. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack remotely without authentication. No user interaction is required. The file login_credentials.txt is stored within the web-accessible root directory without any access restriction. An unauthenticated attacker can retrieve plaintext login credentials for all four user roles (Administrator, Academic Teacher, Teacher, Student) by sending a direct HTTP GET request to the file path. |
| Source | ⚠️ https://drive.google.com/file/d/1moQEev6skJoIe7UlL6YyR2xGgX5smeXb/view?usp=sharing |
| User | Humraaz21 (UID 96305) |
| Submission | 2026-03-18 07:27 AM (30 days ago) |
| Moderation | 2026-04-04 08:31 AM (17 days later) |
| Status | Accepted |
| VulDB entry | 355284 [SourceCodester Student Result Management System 1.0 HTTP GET Request /login_credentials.txt information disclosure] |
| Points | 20 |