Submeter #756135: SourceCodester Student Result Management System 1.0 1.0 Improper Access Controlsinformação

TítuloSourceCodester Student Result Management System 1.0 1.0 Improper Access Controls
DescriçãoA critical vulnerability was discovered in SourceCodester Student Result Management System 1.0. The flaw is located in the /admin/core/import_users.php file. The application fails to perform any authentication or session validation checks before processing file uploads. An unauthenticated remote attacker can upload a specially crafted Excel (.xlsx) file to this endpoint. The server parses the file and inserts arbitrary user records into the tbl_staff table, effectively allowing the creation of unauthorized accounts with "Teacher" privileges. This leads to unauthorized access and persistent database pollution.
Fonte⚠️ https://github.com/Shaon-Xis/SRMS-1.0---Unauthenticated-SMTP-Hijacking-to-Account-Takeover
Utilizador
 yan1451 (UID 94854)
Submissão11/02/2026 09h03 (há 2 meses)
Moderação22/02/2026 17h42 (11 days later)
EstadoAceite
Entrada VulDB347366 [SourceCodester Student Result Management System 1.0 Bulk Import import_users.php Ficheiro Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo