| Title | SourceCodester Student Result Management System 1.0 Cleartext Storage of Sensitive Information |
|---|---|
| Description | A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been classified as critical. This affects an unknown part of the file /srms/login_credentials.txt. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack remotely without authentication. No user interaction is required. The file login_credentials.txt is stored within the web-accessible root directory without any access restriction. An unauthenticated attacker can retrieve plaintext login credentials for all four user roles (Administrator, Academic Teacher, Teacher, Student) by sending a direct HTTP GET request to the file path. |
| Source | ⚠️ https://drive.google.com/file/d/1moQEev6skJoIe7UlL6YyR2xGgX5smeXb/view?usp=sharing |
| User | Humraaz21 (UID 96305) |
| Submission | 03/18/2026 07:27 (23 days ago) |
| Moderation | 04/04/2026 08:31 (17 days later) |
| Status | Accepted |
| VulDB entry | 355284 [SourceCodester Student Result Management System 1.0 HTTP GET Request /login_credentials.txt cleartext storage in file] |
| Points | 20 |