| Title | SourceCodester Student Result Management System 1.0 Path Traversal |
|---|
| Description | User can delete files through `academic/core/drop_student.php`. Users must authenticate with valid credentials to access the system. A vulnerability exists in the file deletion functionality where improper validation of the `img` parameter allows attackers to perform path traversal. By manipulating the parameter value, authenticated users can delete arbitrary files on the server, including critical system files, potentially leading to denial of service or further exploitation. |
|---|
| Source | ⚠️ https://github.com/Xiaoyi-ing/CVE/issues/4 |
|---|
| User | me1ody (UID 84857) |
|---|
| Submission | 05/02/2025 09:53 (12 months ago) |
|---|
| Moderation | 05/15/2025 09:00 (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 309022 [SourceCodester Student Result Management System 1.0 drop_student.php img path traversal] |
|---|
| Points | 20 |
|---|