PT-2021-24186 · Unknown · Phpgurukul Employee Record Management System
Published: 2021-12-13 · Updated: 2023-09-25 · CVE-2021-44965
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
PHPGURUKUL Employee Record Management System version 1.2
Description:
The issue allows an attacker to perform a directory traversal attack in the /admin/includes/* directory. This enables the retrieval and download of sensitive information from the vulnerable server.
Recommendations:
For PHPGURUKUL Employee Record Management System version 1.2, consider restricting access to the /admin/includes/* directory until a patch is available. As a temporary workaround, limit the information stored in this directory to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Affected Products
Phpgurukul Employee Record Management System