Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4DescriptionCVE.org
A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login_credentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
AnalysisAI
SourceCodester Student Result Management System 1.0 stores authentication credentials in cleartext within an HTTP-accessible file (/login_credentials.txt), allowing unauthenticated remote attackers to retrieve sensitive login information with low complexity. The vulnerability has publicly available exploit code and carries a CVSS 5.3 score reflecting confidentiality impact without integrity or availability compromise.
Technical ContextAI
The vulnerability stems from CWE-313 (Cleartext Storage of Sensitive Information) in the HTTP GET Request Handler component. The application improperly stores login credentials in a plaintext file accessible via HTTP requests, violating fundamental secure coding practices for credential management. The CPE cpe:2.3:a:sourcecodester:student_result_management_system:*:*:*:*:*:*:*:* indicates the entire product line is affected. This is a classic information disclosure vulnerability where sensitive data (authentication credentials) is persisted without encryption, encoding, or access controls, making it trivially discoverable to any attacker with network access to the application.
RemediationAI
Immediately remove or restrict access to /login_credentials.txt and implement credential storage following cryptographic best practices: store only password hashes using bcrypt, scrypt, or PBKDF2 with salt, never plaintext credentials on disk. Apply any security patches released by SourceCodester, and reset all credentials stored in the vulnerable file. For deployments unable to upgrade immediately, restrict HTTP access to the /login_credentials.txt path via web server configuration (deny all requests in .htaccess or nginx config) and implement file system permissions to prevent unauthorized local access. Audit logs to determine if the file was accessed. Consult vendor advisory at https://vuldb.com/vuln/355284 for additional context and updates.
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated cri
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated cri
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated cri
Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated cri
Session hijacking in PHPGurukul Student Result Management System v2.0 stems from the /srms/change-password.php component
Session hijacking in PHPGurukul Student Result Management System v2.0 stems from improper session invalidation in the em
Critical SQL injection vulnerability in PHPGurukul Student Result Management System version 1.3, exploitable through the
A remote code execution vulnerability in A vulnerability classified as critical (CVSS 5.3). Risk factors: public PoC ava
A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Ma
A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Rated
A vulnerability was found in SourceCodester Student Result Management System 1.0. Rated medium severity (CVSS 5.3), this
A vulnerability was found in SourceCodester Student Result Management System 1.0. Rated medium severity (CVSS 5.3), this
Same weakness CWE-313 – Cleartext Storage in a File or on Disk
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-19011
GHSA-q989-5jj4-3g9q