SourceCodester Student Study Center Desk Management System index.php file inclusion
CVE-2023-2152

9.8CRITICAL

Key Information:

Vendor
Sourcecodester
Status
Student Study Center Desk Management System
Vendor
CVE Published:
18 April 2023

Summary

A file inclusion vulnerability exists within the SourceCodester Student Study Center Desk Management System 1.0. This issue arises from improper handling within the index.php file, specifically through unsanitized input in the 'page' argument. An attacker can exploit this vulnerability remotely, potentially leading to unauthorized file access and execution. The public disclosure of this exploit highlights the urgency for users to apply necessary patches and security measures to safeguard their systems.

Affected Version(s)

Student Study Center Desk Management System 1.0

References

https://vuldb.com/?id.226273
vdb-entrytechnical-description
https://vuldb.com/?ctiid.226273
signaturepermissions-required
https://github.com/xzz0787/vul/blob/main/README.pdf
exploit

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

xzz0787 (VulDB User)
.