제출 #855048: SourceCodester Online Book Store System 1.0 Local File Inclusion정보

제목SourceCodester Online Book Store System 1.0 Local File Inclusion
설명A Local File Inclusion (LFI) vulnerability exists in SourceCodester Online Book Store System 1.0. The administrative interface dynamically includes files based on the user-controlled 'page' parameter without proper validation or allow-list restrictions. An authenticated attacker can abuse the PHP stream wrapper 'php://filter/convert.base64-encode/resource=' to disclose arbitrary PHP source code files. During testing, the source code of admin_class.php was successfully retrieved and decoded. The disclosed source code contains authentication logic, session handling functionality, database queries, user management operations, and other sensitive application components. This information may facilitate further attacks against the application. CWE-98 CVSS v3.1: 4.9 (Medium)
원천⚠️ https://medium.com/@hemantrajbhati5555/local-file-inclusion-lfi-via-page-parameter-leading-to-source-code-disclosure-ce722de0c407
사용자 Hemant Raj Bhati (UID 95613)
제출2026. 06. 10. PM 02:01 (1 월 ago)
모더레이션2026. 07. 12. PM 08:07 (1 month later)
상태수락
VulDB 항목377890 [SourceCodester Online Book Store System 1.0 Administrative Interface /admin/index.php page 정보 공개]
포인트들20

Do you want to use VulDB in your project?

Use the official API to access entries easily!