SourceCodester Employee and Visitor Gate Pass Logging System Directory Traversal Vulnerability

Vulnerability

A directory traversal vulnerability has been identified in SourceCodester Employee and Visitor Gate Pass Logging System version 1.0. This vulnerability allows remote attackers to access and download any file from multiple sub-directories, including 'database', 'dist', 'libs', and 'uploads'. The issue arises because the application fails to properly sanitize user input, enabling unauthorized access to potentially sensitive information on the server.

Impact

Exploitation of this vulnerability leads to unauthorized access to files on the server, allowing attackers to download and potentially misuse sensitive information.

Reproduction

The vulnerability can be reproduced by sending a request to the '/employee_gatepass/dist/' route. This can be done using a web browser or a tool like cURL, without any authentication. The response will include a directory listing, exposing files that can be downloaded.
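As an added example (not part of the original advisory), the following Python script shows how a defender could spot this behaviour in web-server access logs: it flags successful responses for bare directory URLs under the application root (the listing described above), successful fetches from the 'database' sub-directory, and URL-encoded traversal sequences. It assumes the application is served at /employee_gatepass behind a server writing combined-format logs; the log lines and file names are constructed samples.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote, urlsplit

# Application root and the sub-directories the advisory names as exposed.
APP_ROOT = "/employee_gatepass"
EXPOSED_DIRS = ("database", "dist", "libs", "uploads")

# Combined log format (assumption: the app sits behind Apache/nginx).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def classify_request(target: str, status: int) -> Optional[str]:
    """Label one request, or return None when it looks like normal app traffic."""
    path = unquote(unquote(urlsplit(target).path))  # undo single/double encoding
    if "../" in path or "..\\" in path:
        return "traversal_sequence"
    if not path.startswith(APP_ROOT + "/"):
        return None
    rel = path[len(APP_ROOT) + 1:]                  # e.g. "dist/" or "uploads/x.pdf"
    top = rel.split("/", 1)[0]
    if top not in EXPOSED_DIRS:
        return None
    if status == 200 and path.endswith("/"):
        return "directory_listing"                   # server answered with an index page
    if top == "database" and status == 200:
        return "database_file"                       # assumption: never served legitimately
    return None

def scan_log(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (ip, target, label) for every line that produces a finding."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify_request(m["target"], int(m["status"]))
        if label:
            findings.append((m["ip"], m["target"], label))
    return findings

# Constructed sample lines (not real traffic) mirroring the advisory's route.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jun/2025:19:40:01 +0000] "GET /employee_gatepass/dist/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Jun/2025:19:40:05 +0000] "GET /employee_gatepass/database/ HTTP/1.1" 200 1340',
    '203.0.113.7 - - [09/Jun/2025:19:40:09 +0000] "GET /employee_gatepass/database/dump.sql HTTP/1.1" 200 80211',
    '203.0.113.7 - - [09/Jun/2025:19:40:12 +0000] "GET /employee_gatepass/uploads/..%2f..%2fx.txt HTTP/1.1" 404 220',
    '198.51.100.4 - - [09/Jun/2025:19:41:00 +0000] "GET /employee_gatepass/dist/css/app.css HTTP/1.1" 200 9800',
    '198.51.100.4 - - [09/Jun/2025:19:41:02 +0000] "GET /employee_gatepass/index.php HTTP/1.1" 200 3100',
]

if __name__ == "__main__":
    for ip, target, label in scan_log(SAMPLE_LOG):
        print(f"{label:18} {ip:15} {target}")
```

Ordinary asset requests such as dist/css/app.css produce no finding, so the rule can run over normal traffic without drowning in noise.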

Remediation

It is recommended to change the web server and application configuration settings so that directory contents cannot be listed or traversed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  spread          0.3
  impact          2.5
  exploitability  9.1
  remediation     8.3
  relevance       0.0
  threat          6.4
  urgency         2.9
  incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.