Directory Listing Vulnerability in Bus Pass Management System by Abhiunix
CVE-2021-44315

7.5HIGH

Key Information:

Vendor: PHPgurukul
Status: Bus Pass Management System
Vendor: CVE Published:; 16 December 2021

Summary

The Bus Pass Management System v1.0 features a directory listing vulnerability that permits unauthorized users to access sensitive files stored on the web server. This flaw can reveal crucial data, including user credentials and server configuration files, which may lead to further exploitation of the system. Proper server configurations are essential to mitigate this risk and protect sensitive information from being publicly accessible.

References

https://github.com/abhiunix/Bus-Pass-Management-System-v1...

x_refsource_MISC

https://github.com/abhiunix/Bus-Pass-Management-System-v1...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2021
Vulnerability Reserved
Nov 29, 2021