| Title | sourcecodester Employee and visitor pass logging system v1.0 Directory traversal |
|---|---|
| Description | The employee and visitor pass login system 1.0 has an unrestricted directory traversal attack; the attack method is /employee_gatepass/database/, /employee_gatepass/dist/, /employee_gatepass/libs/, /employee_gatepass/uploads/. Accessing these routes allows unrestricted access to any file in the directory, which can be downloaded directly, thereby obtaining sensitive information from the server. |
| Source | ⚠️ https://github.com/happytraveller-alone/cve/blob/main/dir.md |
| User | happytraveller (UID 82753) |
| Submission | 03/13/2025 13:02 (1 Year ago) |
| Moderation | 03/22/2025 09:10 (9 days later) |
| Status | Accepted |
| VulDB entry | 300667 [SourceCodester Employee and Visitor Gate Pass Logging System 1.0 exposure of information through directory listing] |
| Points | 20 |