SourceCodester Simple Student Attendance System index.php file inclusion
CVE-2023-6618

8.8HIGH

Key Information:

Vendor
SourceCodester
Status
Simple Student Attendance System
Vendor
CVE Published:
8 December 2023

Summary

A security vulnerability has been identified in the SourceCodester Simple Student Attendance System version 1.0, specifically within the index.php file. This flaw allows unauthorized manipulation of the 'page' argument, which can lead to file inclusion attacks. Exploitation of this vulnerability could result in the disclosure of sensitive information and potentially compromise the integrity of the system. The vulnerability has been publicly disclosed, increasing the risk of attacks. It is crucial for users to assess their systems and implement necessary security measures.

Affected Version(s)

Simple Student Attendance System 1.0

References

https://vuldb.com/?id.247255
vdb-entrytechnical-description
https://vuldb.com/?ctiid.247255
signaturepermissions-required
https://www.yuque.com/u39339523/el4dxs/krpez3nzv1144cuc
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

whs123 (VulDB User)
.