| Title | SourceCodester Prison Management System 1.0 Exposure of Information Through Directory Listing |
|---|---|
| Description | A Directory Listing vulnerability has been discovered in the SourceCodester Prison Management System version 1.0. This vulnerability allows a remote attacker to gain unauthorized access to sensitive files within the application's uploadImage/Profile/ directory. Due to improper access control settings, the contents of this directory can be listed and viewed by any unauthenticated user. This could potentially expose sensitive information, such as uploaded profile images, which may contain personal or confidential data. The exploitation of this vulnerability could lead to further attacks such as information disclosure, unauthorized access, and potential use of exposed data in phishing or other malicious activities. |
| Source | https://github.com/CYB84/CVE_Writeup/blob/main/Directory%20Listing.md |
| User | Raj Nandi (UID 73232) |
| Submission | 08/14/2024 17:52 (2 years ago) |
| Moderation | 08/14/2024 20:35 (3 hours later) |
| Status | Accepted |
| VulDB entry | 274709 [SourceCodester Prison Management System 1.0 Profile Image /uploadImage/Profile/ insufficiently protected credentials] |
| Points | 20 |