| Title | Student Study Center Desk Management System Arbitrary File Delete |
|---|---|
| Description | An arbitrary file delete vulnerability has been discovered in Student Study Center Desk Management System. The vulnerable URI is `/php-sscdms/classes/Master.php?f=delete_img` and the vulnerable POST parameter is `path`. Successful exploitation could allow remote attackers to delete any file on the target system, even system files. An unauthenticated attacker can also exploit this vulnerability, because a cookie is not necessary when performing this operation.<br>`POST /php-sscdms/classes/Master.php?f=delete_img HTTP/1.1`<br>`********************************************`<br>`path=C%3A%2Ffoo.txt` |
| Source | ⚠️ https://www.sourcecodester.com/php/16298/student-study-center-desk-management-system-using-php-oop-and-mysql-db-free-source-code |
| User | WWesleywww (UID 43117) |
| Submission | 03/17/2023 10:12 (3 years ago) |
| Moderation | 03/17/2023 12:44 (3 hours later) |
| Status | Accepted |
| VulDB entry | 223326 [SourceCodester Student Study Center Desk Management System 1.0 POST Parameter Master.php?f=delete_img path path traversal] |
| Points | 20 |
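
One way to close both issues in the description (no authentication check, and a `path` value that is used without being confined to a directory), as an added example that is not code from the application or from the submission. The function names, the `userdata` session key and the uploads root are assumptions, and the demo files are constructed.

```php
<?php
// Added example, not the project's code. Function names, the 'userdata'
// session key and the uploads directory are assumptions.

// Return the canonical path of $requested only if it is a regular file
// located under $root; otherwise return null.
function resolve_inside_root($requested, string $root): ?string
{
    if (!is_string($requested) || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }
    // realpath() collapses "..", resolves symlinks and fails on missing files.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $requested);
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate === false || !is_file($candidate)
        || strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

function delete_img(array $post, array $session, string $root): array
{
    if (empty($session['userdata'])) {            // no anonymous deletes
        return ['status' => 'failed', 'code' => 401];
    }
    $target = resolve_inside_root($post['path'] ?? null, $root);
    if ($target === null) {                       // outside the root, or not a file
        return ['status' => 'failed', 'code' => 400];
    }
    return unlink($target)
        ? ['status' => 'success', 'code' => 200]
        : ['status' => 'failed', 'code' => 500];
}

// Constructed demo: one file inside the uploads root, one outside it.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'sscdms_demo_' . uniqid();
mkdir("$base/uploads", 0700, true);
file_put_contents("$base/uploads/a.png", 'x');
file_put_contents("$base/outside.txt", 'x');
$user = ['userdata' => ['id' => 1]];
var_dump(delete_img(['path' => 'a.png'], [], "$base/uploads")['code']);             // no session
var_dump(delete_img(['path' => '../outside.txt'], $user, "$base/uploads")['code']); // traversal
var_dump(delete_img(['path' => 'C:/foo.txt'], $user, "$base/uploads")['code']);     // absolute path
var_dump(delete_img(['path' => 'a.png'], $user, "$base/uploads")['code']);          // file under root
```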