SourceCodester Simple Student Attendance System index.php file inclusion
CVE-2023-6618

5.5MEDIUM

Key Information:

Vendor

Sourcecodester
Status
Simple Student Attendance System
Vendor
CVE Published:
8 December 2023

What is CVE-2023-6618?

A security vulnerability has been identified in the SourceCodester Simple Student Attendance System version 1.0, specifically within the index.php file. This flaw allows unauthorized manipulation of the 'page' argument, which can lead to file inclusion attacks. Exploitation of this vulnerability could result in the disclosure of sensitive information and potentially compromise the integrity of the system. The vulnerability has been publicly disclosed, increasing the risk of attacks. It is crucial for users to assess their systems and implement necessary security measures.

Affected Version(s)

Simple Student Attendance System 1.0

References

https://vuldb.com/?id.247255
vdb-entrytechnical-description
https://vuldb.com/?ctiid.247255
signaturepermissions-required
https://www.yuque.com/u39339523/el4dxs/krpez3nzv1144cuc
exploit

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

whs123 (VulDB User)
.
CVE-2023-6618 : SourceCodester Simple Student Attendance System index.php file inclusion