CVE-2023-1467

Name of the Vulnerable Software and Affected Versions SourceCodester Student Study Center Desk Management System version 1.0

Description A critical vulnerability has been found in the SourceCodester Student Study Center Desk Management System. The issue affects an unknown function of the file Master.php, specifically the f=delete img component of the POST Parameter Handler. The manipulation of the path argument with the input C%3A%2Ffoo.txt leads to path traversal. This can be exploited remotely. The exploit has been disclosed to the public.

Recommendations For version 1.0, as a temporary workaround, consider restricting access to the Master.php?f=delete img endpoint until a patch is available. Avoid using the path argument in the affected POST Parameter Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.