Description: Best Student Result Management System 1.0 is vulnerable to Broken Access Control. The Directory Listing vulnerability allows any remote attacker to view the application's sensitive files within the includes and assets directories of the application without any authorization.
Vulnerable Product Version: Best Student Result Management System 1.0
CVE Author: Geraldo Alcântara
Date: 28/11/2023
Confirmed on: 19/12/2023
CVE: CVE-2023-49980
Tested on: Windows
- Navigate to URL: http://{IP}/upresult/includes/ or http://{IP}/upresult/assets/. I found out that many important files of application can be accessed directly from this directory listing.
Accessing the directory /includes/
Accessing the directory /assets/
Discoverer(s)/Credits:
Geraldo Alcântara