| Title | SourceCodester Student Result Management System 1.0 Relative Path Traversal |
|---|---|
| Description | The Student Results Management System has a path traversal vulnerability in its file deletion functionality. The application accepts user-controlled input via the `img` and `old_photo` parameters and passes it directly to filesystem operations without any validation or modification. By inserting directory traversal sequences such as `../` into these parameters, an attacker can reach any location on the server filesystem beyond the target directory (`images/students/`). As a result, an attacker can delete any file outside the target directory, including critical application files such as configuration files. |
| Source | https://github.com/ogh-bnz/Student-Result-Management-System/blob/main/Path-traversal-to-arbitrary-file-deletion.md |
| User | Anonymous User |
| Submission | 05/20/2026 19:18 (21 days ago) |
| Moderation | 06/07/2026 12:05 (18 days later) |
| Status | Duplicate |
| VulDB entry | 309022 [SourceCodester Student Result Management System 1.0 drop_student.php img path traversal] |
| Points | 0 |