CVE-2021-45348: Security Advisory and Response

Learn about CVE-2021-45348, a vulnerability in SourceCodester Attendance Management System v1.0 allowing arbitrary file deletion, potentially leading to a denial of service (DoS) attack. Find mitigation and prevention steps here.

An Arbitrary File Deletion vulnerability in SourceCodester Attendance Management System v1.0 can lead to Denial of Service (DoS) via the csv parameter in admin/pageUploadCSV.php.

Understanding CVE-2021-45348

What is CVE-2021-45348?

This CVE describes a vulnerability in SourceCodester Attendance Management System v1.0 that allows an attacker to delete arbitrary files, potentially leading to a DoS condition.

The Impact of CVE-2021-45348

The vulnerability enables attackers to cause a denial of service by deleting files through the csv parameter of admin/pageUploadCSV.php.

Technical Details of CVE-2021-45348

Vulnerability Description

The flaw in SourceCodester Attendance Management System v1.0 permits unauthorized file deletions by manipulating the csv parameter.

Affected Systems and Versions

        Affected System: SourceCodester Attendance Management System v1.0
        Affected Version: n/a

Exploitation Mechanism

Attackers can abuse the csv parameter in admin/pageUploadCSV.php to delete files, disrupting system availability.

Mitigation and Prevention

Immediate Steps to Take

        Disable file uploads until a patch is available.
        Restrict access to the vulnerable admin page.

Long-Term Security Practices

        Regularly update the system to protect against known vulnerabilities.
        Implement input validation to prevent arbitrary file deletion.
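
One way to implement the input validation recommended above, shown as an added example and not the application's own code (the advisory does not publish the vulnerable source). It assumes the csv parameter names an uploaded file that the page later removes; the `CSV_DIR` location and the `delete_uploaded_csv` helper are hypothetical names.

```php
<?php
declare(strict_types=1);

// Hypothetical upload directory; the advisory does not name the real one.
const CSV_DIR = __DIR__ . '/uploads/csv';

/**
 * Delete an uploaded CSV only if the requested name resolves to a regular
 * .csv file directly inside $baseDir. Returns true when a file was removed.
 */
function delete_uploaded_csv(string $requested, string $baseDir = CSV_DIR): bool
{
    // Allow-list: a bare file name (no slashes, no NUL bytes) ending in .csv.
    if (!preg_match('/\A[A-Za-z0-9_.-]{1,100}\.csv\z/', $requested)) {
        return false;
    }

    $base   = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $target === false) {
        return false; // directory or file does not exist
    }

    // realpath() resolves symlinks and "..", so compare canonical paths:
    // a symlink named x.csv that points outside the directory is refused.
    if (dirname($target) !== $base || !is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Constructed demonstration in a temporary directory.
$dir = sys_get_temp_dir() . '/csv_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/attendance.csv', "id,name\n1,Sample\n");

foreach (['attendance.csv', '../index.php', 'notes.txt'] as $name) {
    $result = delete_uploaded_csv($name, $dir) ? 'deleted' : 'rejected';
    printf("%-16s %s\n", $name, $result);
}
rmdir($dir);
```

The same helper should only be reachable after the admin session check, since the advisory's other mitigation is restricting access to the page.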

Patching and Updates

Apply patches or updates released by the vendor to fix the vulnerability.
