Skip to content
/ CVE-2023-49981 Public

School Fees Management System v1.0 - Incorrect Access Control - Directory Listing

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

geraldoalcantara/CVE-2023-49981

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
README.md
README.md
 
 

Repository files navigation

CVE-2023-49981

School Fees Management System v1.0 - Incorrect Access Control - Directory Listing

Description: A directory listing vulnerability in School Fees Management System v1.0 allows attackers to list directories and sensitive files within the application without requiring authentication/authorization.

Vulnerable Product Version: School Fees Management System v1.0
CVE Author: Geraldo Alcântara
Date: 28/11/2023
Confirmed on: 19/12/2023
CVE: CVE-2023-49981
Tested on: Windows

Steps to reproduce:

Affected Components:

/ci_fms/database/
/ci_fms/uploads/
/ci_fms/assets/
/ci_fms/assets/backend/

  1. To exploit the vulnerability, an attacker simply needs to navigate to the directories. Navigate to URL: http://{IP}/ci_fms/database/, http://{IP}/ci_fms/uploads/ or http://{IP}/ci_fms/assets/. I found out that many important files of application can be accessed directly from this directory listing.

Discoverer(s)/Credits:
Geraldo Alcântara

About

School Fees Management System v1.0 - Incorrect Access Control - Directory Listing

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published