CVE-2023-49980

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to list directories and access sensitive files in Best Student Result Management System v1.0. Anyone running this specific PHP web application is affected, potentially exposing configuration files, database credentials, and other sensitive data.

💻 Affected Systems

Products:
  • Best Student Result Management System
Versions: v1.0
Operating Systems: Any OS running PHP web server
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installation from SourceCodester. Requires PHP and MySQL environment.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain database credentials, compromise the database, access student records, and potentially achieve remote code execution through exposed configuration files.

🟠 Likely Case

Attackers enumerate directory structures, download sensitive files including configuration files with database credentials, and potentially access student data.

🟢 If Mitigated

With proper access controls and directory restrictions, impact is limited to information disclosure about directory structure without sensitive file access.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple directory traversal via crafted URLs. No authentication required. Public exploit code available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider replacing with alternative software or implementing workarounds.

🔧 Temporary Workarounds

Disable Directory Listing (all platforms)

Configure the web server to prevent directory listing:

For Apache: Add 'Options -Indexes' to .htaccess or httpd.conf
For Nginx: Add 'autoindex off;' to server block

Restrict Access to Sensitive Directories (all platforms)

Block access to configuration and sensitive directories:

For Apache: 'Deny from all' in .htaccess for sensitive directories (Apache 2.2 syntax; on Apache 2.4 use 'Require all denied')
For Nginx: 'location ~ /\.(ht|env|config) { deny all; }'

🧯 If You Can't Patch

  • Move application behind authentication gateway or VPN
  • Implement web application firewall rules to block directory traversal patterns

🔍 How to Verify

Check if Vulnerable:

Access URLs like http://target/directory/ to see if directory listing is enabled without authentication

Check Version:

Check application files for version information, typically in README or configuration files

Verify Fix Applied:

Attempt directory listing after implementing workarounds - should return 403 Forbidden or similar error

📡 Detection & Monitoring

Log Indicators:

  • Multiple 200 OK responses to directory paths without file extensions
  • Patterns of ../ or directory traversal attempts in access logs

Network Indicators:

  • HTTP requests ending with / or without file extensions returning directory listings

SIEM Query:

web.url="*/" AND web.status="200" AND NOT web.url="*.php" AND NOT web.url="*.html"
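
The two log indicators above, implemented as an offline check over web server access logs. This is an added example, not part of the original advisory: it assumes Apache/Nginx combined log format, and the threshold, function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')
DIR_HIT_THRESHOLD = 3  # assumed meaning of "multiple"; tune per site

def decode(path):
    """Percent-decode twice so single- and double-encoded ../ are both visible."""
    return unquote(unquote(path))

def analyze(lines, threshold=DIR_HIT_THRESHOLD):
    """Return clients matching either log indicator from the advisory."""
    dir_hits = defaultdict(set)    # ip -> distinct directory paths answered 200
    traversal = defaultdict(list)  # ip -> raw request targets containing ../
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _method, raw, status = m.groups()
        if TRAVERSAL_RE.search(decode(raw)):
            traversal[ip].append(raw)
        path = decode(raw.split('?', 1)[0])
        # Directory path = trailing slash; the site root is ignored as normal traffic.
        if status == '200' and path.endswith('/') and path != '/':
            dir_hits[ip].add(path)
    listing = {ip: sorted(p) for ip, p in dir_hits.items() if len(p) >= threshold}
    return {'directory_enumeration': listing, 'traversal': dict(traversal)}

# Constructed sample log lines (documentation IP ranges, invented paths).
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "GET /app/includes/ HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Jan/2024:10:00:02 +0000] "GET /app/uploads/ HTTP/1.1" 200 733 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Jan/2024:10:00:03 +0000] "GET /app/db/ HTTP/1.1" 200 401 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Jan/2024:10:01:00 +0000] "GET /app/index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2024:10:01:05 +0000] "GET /app/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jan/2024:10:02:00 +0000] "GET /app/%2e%2e%2f%2e%2e%2fconf/ HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.44 - - [10/Jan/2024:10:02:03 +0000] "GET /app/uploads/ HTTP/1.1" 403 199 "-" "-"',
    'malformed line that does not match the log format',
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Directories that legitimately serve an index page also return 200 on a trailing-slash request, so allowlist those paths or raise the threshold before alerting on the result.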
