SourceCodester Online Student Clearance System Directory Traversal Vulnerability

Vulnerability

A directory traversal vulnerability has been identified in SourceCodester Online Student Clearance System version 1.0. This vulnerability allows attackers to access server files without authorization by manipulating directory paths, potentially leading to the leakage of sensitive information. The issue arises from inadequate user authorization of file inputs, enabling unauthorized access to the database, modification or deletion of data, and exposure of confidential information. Notably, this vulnerability can be exploited remotely without requiring any form of authentication.

Impact

Exploitation of this vulnerability could result in unauthorized access to database files, allowing attackers to leak, modify, or delete sensitive data. Such actions could disrupt normal system operations and compromise overall system security.

Reproduction

The vulnerability can be reproduced by sending a request whose 'id' parameter contains directory traversal sequences, such as '../', to navigate through directories and access restricted files. This can be done remotely without any authentication.
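Added example (not part of the original advisory and not code from the project): a detection check that flags access-log requests whose 'id' parameter decodes to a '..' path segment, including percent-encoded and double-encoded forms. The combined log format, the /page.php path and the sample lines are constructed assumptions, since the advisory does not name the affected file.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Matches the request part of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple encoding

def fully_decode(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment of the decoded value is exactly '..'."""
    normalized = fully_decode(value).replace("\\", "/")
    return ".." in normalized.split("/")

def suspicious_requests(log_lines, param="id"):
    """Return (line_number, decoded_value) for each traversal hit on `param`."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl already decodes once; fully_decode handles nested encoding.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == param and has_traversal(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample log lines; /page.php and secret.txt are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jun/2025:19:40:01 +0000] "GET /page.php?id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Jun/2025:19:41:13 +0000] "GET /page.php?id=../../secret.txt HTTP/1.1" 200 90',
    '203.0.113.9 - - [09/Jun/2025:19:41:20 +0000] "GET /page.php?id=%252e%252e%252fsecret.txt HTTP/1.1" 200 90',
    '203.0.113.7 - - [09/Jun/2025:19:42:02 +0000] "GET /page.php?id=report..v2 HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: id={value!r}")
```

The check matches whole '..' segments only, so a value such as 'report..v2' is not flagged.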

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.