Skip to main content

Student Result Management System EUVDEUVD-2026-19011

| CVE-2026-5531 MEDIUM
Cleartext Storage in a File or on Disk (CWE-313)
2026-04-05 VulDB GHSA-q989-5jj4-3g9q
5.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
PoC Detected
Apr 07, 2026 - 13:20 vuln.today
Public exploit code
EUVD ID Assigned
Apr 05, 2026 - 01:45 euvd
EUVD-2026-19011
Analysis Generated
Apr 05, 2026 - 01:45 vuln.today
CVE Published
Apr 05, 2026 - 01:00 nvd
MEDIUM 5.5

DescriptionCVE.org

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login_credentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

SourceCodester Student Result Management System 1.0 stores authentication credentials in cleartext within an HTTP-accessible file (/login_credentials.txt), allowing unauthenticated remote attackers to retrieve sensitive login information with low complexity. The vulnerability has publicly available exploit code and carries a CVSS 5.3 score reflecting confidentiality impact without integrity or availability compromise.

Technical ContextAI

The vulnerability stems from CWE-313 (Cleartext Storage of Sensitive Information) in the HTTP GET Request Handler component. The application improperly stores login credentials in a plaintext file accessible via HTTP requests, violating fundamental secure coding practices for credential management. The CPE cpe:2.3:a:sourcecodester:student_result_management_system:*:*:*:*:*:*:*:* indicates the entire product line is affected. This is a classic information disclosure vulnerability where sensitive data (authentication credentials) is persisted without encryption, encoding, or access controls, making it trivially discoverable to any attacker with network access to the application.

RemediationAI

Immediately remove or restrict access to /login_credentials.txt and implement credential storage following cryptographic best practices: store only password hashes using bcrypt, scrypt, or PBKDF2 with salt, never plaintext credentials on disk. Apply any security patches released by SourceCodester, and reset all credentials stored in the vulnerable file. For deployments unable to upgrade immediately, restrict HTTP access to the /login_credentials.txt path via web server configuration (deny all requests in .htaccess or nginx config) and implement file system permissions to prevent unauthorized local access. Audit logs to determine if the file was accessed. Consult vendor advisory at https://vuldb.com/vuln/355284 for additional context and updates.

CVE-2023-48722 CRITICAL POC
9.8 Dec 21

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated cri

CVE-2023-48720 CRITICAL POC
9.8 Dec 21

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated cri

CVE-2023-48718 CRITICAL POC
9.8 Dec 21

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated cri

CVE-2023-48716 CRITICAL POC
9.8 Dec 21

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated cri

CVE-2025-50489 HIGH POC
7.5 Jul 28

Session hijacking in PHPGurukul Student Result Management System v2.0 stems from the /srms/change-password.php component

CVE-2025-50490 HIGH POC
7.5 Jul 28

Session hijacking in PHPGurukul Student Result Management System v2.0 stems from improper session invalidation in the em

CVE-2025-5599 HIGH POC
7.3 Jun 04

Critical SQL injection vulnerability in PHPGurukul Student Result Management System version 1.3, exploitable through the

CVE-2025-5649 MEDIUM POC
5.3 Jun 05

A remote code execution vulnerability in A vulnerability classified as critical (CVSS 5.3). Risk factors: public PoC ava

CVE-2025-56710 HIGH POC
7.3 Sep 15

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the Profile Page of the PHPGurukul Student-Result-Ma

CVE-2025-4912 MEDIUM POC
5.3 May 19

A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Rated

CVE-2025-4898 MEDIUM
5.3 May 18

A vulnerability was found in SourceCodester Student Result Management System 1.0. Rated medium severity (CVSS 5.3), this

CVE-2025-4720 MEDIUM POC
5.3 May 15

A vulnerability was found in SourceCodester Student Result Management System 1.0. Rated medium severity (CVSS 5.3), this

Share

EUVD-2026-19011 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy