SourceCodester Student Result Management System Path Traversal Vulnerability in Image File Handler Component
Vulnerability
A critical path traversal vulnerability has been identified in SourceCodester Student Result Management System version 1.0. The issue arises in the Image File Handler component, specifically within the file '/admin/core/update_student.php'. The vulnerability is triggered by manipulating the 'old_photo' argument, which allows attackers to traverse the file system and potentially delete arbitrary files. This vulnerability can be exploited remotely, and a public exploit is available.
Impact
Exploitation of this vulnerability allows for arbitrary file deletion, as the affected function improperly handles file removal requests, enabling the deletion of files outside the intended scope.
Reproduction
To reproduce this vulnerability, send a request to '/admin/core/update_student.php' with a crafted 'old_photo' parameter that includes path traversal sequences. This will exploit the vulnerability by navigating the file system and deleting targeted files.
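The root cause described above is a file-removal step that trusts a request-supplied path. As an added, defender-side example (not code from the SourceCodester project or from this advisory), the function below shows one way the photo-removal step in '/admin/core/update_student.php' can confine 'old_photo' to the upload directory; the directory path, the file-name format and the function name are assumptions.

```php
<?php
// Added example, not the project's own code. Assumption: uploaded student
// photos live in PHOTO_DIR and 'old_photo' is meant to carry only a bare
// file name that the application itself generated at upload time.
const PHOTO_DIR = '/var/www/srms/admin/uploads';

/**
 * Remove a previously uploaded student photo.
 * Returns true only when a regular file inside PHOTO_DIR was deleted.
 * Untrusted input is refused, never resolved outside the directory.
 */
function deleteOldPhoto(string $oldPhoto): bool
{
    // 1. Allow-list the shape of a generated name. A bare name with no
    //    directory separators or ".." cannot leave PHOTO_DIR by construction.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.(jpe?g|png|gif)$/', $oldPhoto)) {
        error_log('update_student: rejected old_photo value');
        return false;
    }

    // 2. Defence in depth: resolve both paths and confirm containment.
    //    realpath() collapses any ".." or symlink component first, so the
    //    prefix comparison is made on the real on-disk location.
    $base   = realpath(PHOTO_DIR);
    $target = realpath(PHOTO_DIR . DIRECTORY_SEPARATOR . $oldPhoto);
    if ($base === false || $target === false) {
        return false;                       // directory or file does not exist
    }
    if (strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        error_log('update_student: old_photo resolved outside upload directory');
        return false;
    }

    // 3. Only ever unlink a regular file, never a directory or device node.
    if (!is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Call site as it would appear in the handler (field name from the advisory).
// Better still, look the stored photo name up by student id from the database
// instead of accepting it from the request at all.
// $removed = deleteOldPhoto((string) ($_POST['old_photo'] ?? ''));
```

A rejected or out-of-directory value is logged, which gives a detection hook for traversal attempts against this endpoint.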