| Title | SourceCodester Student Result Management System 1.0 Cleartext Storage of Sensitive Information |
|---|---|
| Description | A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as critical. This affects an unknown part of the file /srms/login_credentials.txt. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack remotely without authentication. No user interaction is required. The file login_credentials.txt is stored within the web-accessible root directory without any access restriction. An unauthenticated attacker can retrieve plaintext login credentials for all four user roles (Administrator, Academic Teacher, Teacher, Student) by sending a direct HTTP GET request to the file path. |
| Source | ⚠️ https://drive.google.com/file/d/1moQEev6skJoIe7UlL6YyR2xGgX5smeXb/view?usp=sharing |
| User | Humraaz21 (UID 96305) |
| Submission | 18/03/2026 07:27 (1 month ago) |
| Moderation | 04/04/2026 08:31 (17 days later) |
| Status | Accepted |
| VulDB Entry | 355284 [SourceCodester Student Result Management System 1.0 HTTP GET Request /login_credentials.txt Information Disclosure] |
| Points | 20 |