{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5531", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-04T06:31:14.683Z", "datePublished": "2026-04-05T01:00:17.893Z", "dateUpdated": "2026-04-06T14:51:24.567Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-05T01:00:17.893Z"}, "title": "SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-313", "lang": "en", "description": "Cleartext Storage in a File or on Disk"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-312", "lang": "en", "description": "Cleartext Storage of Sensitive Information"}]}], "affected": [{"vendor": "SourceCodester", "product": "Student Result Management System", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["HTTP GET Request Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login_credentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR"}}], "timeline": [{"time": "2026-04-04T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-04T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-04T08:36:18.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Humraaz21 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/355284", "name": "VDB-355284 | SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/355284/cti", "name": "VDB-355284 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/782157", "name": "Submit #782157 | SourceCodester Student Result Management System 1.0 Cleartext Storage of Sensitive Information", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/1moQEev6skJoIe7UlL6YyR2xGgX5smeXb/view?usp=sharing", "tags": ["exploit"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-06T14:04:20.674585Z", "id": "CVE-2026-5531", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T14:51:24.567Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"tags": ["x_freeware"], "title": "SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file", "credits": [{"lang": "en", "type": "reporter", "value": "Humraaz21 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:W/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:W/RC:UR"}}], "affected": [{"vendor": "SourceCodester", "modules": ["HTTP GET Request Handler"], "product": "Student Result Management System", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-04T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-04T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-04T08:36:18.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/355284", "name": "VDB-355284 | SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/355284/cti", "name": "VDB-355284 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/782157", "name": "Submit #782157 | SourceCodester Student Result Management System 1.0 Cleartext Storage of Sensitive Information", "tags": ["third-party-advisory"]}, {"url": "https://drive.google.com/file/d/1moQEev6skJoIe7UlL6YyR2xGgX5smeXb/view?usp=sharing", "tags": ["exploit"]}, {"url": "https://www.sourcecodester.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login_credentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-313", "description": "Cleartext Storage in a File or on Disk"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-312", "description": "Cleartext Storage of Sensitive Information"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-05T01:00:17.893Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5531", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-06T14:04:20.674585Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-06T14:04:33.955Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-5531", "state": "PUBLISHED", "dateUpdated": "2026-04-05T01:00:17.893Z", "dateReserved": "2026-04-04T06:31:14.683Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-05T01:00:17.893Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login_credentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."}], "id": "CVE-2026-5531", "lastModified": "2026-04-07T13:20:55.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-05T02:16:00.130", "references": [{"source": "cna@vuldb.com", "url": "https://drive.google.com/file/d/1moQEev6skJoIe7UlL6YyR2xGgX5smeXb/view?usp=sharing"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/782157"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355284"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/355284/cti"}, {"source": "cna@vuldb.com", "url": "https://www.sourcecodester.com/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}, {"lang": "en", "value": "CWE-313"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.0,1.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Student Result Management System", "source": "cna", "vendor": "SourceCodester"}, "product": "student_result_management_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-05T04:50:55.528072+00:00", "value": {"mitigation_remediation": ["Apply the latest vendor patch or update for SourceCodester Student Result Management System", "Restrict or disable the GET endpoint that writes /login_credentials.txt until a fix is available", "Configure the system to store credentials securely by hashing or encrypting them", "Monitor web server logs for unauthorized access attempts to the vulnerable endpoint"], "summary": {"action": "Patch", "impact": "Credential Exposure"}, "threat_synthesis": {"affected_systems": "The only affected product is SourceCodester Student Result Management System 1.0, which stores credentials on disk during a GET request. No other vendors, products, or versions are listed as impacted.", "description_and_impact": "An HTTP GET request handler in SourceCodester Student Result Management System version 1.0 writes login credentials to /login_credentials.txt in cleartext when the request is processed. The flaw allows attackers to obtain valid usernames and passwords from the file, compromising the confidentiality of user accounts. The weakness is a classic privilege and data exposure issue, evidenced by the assignment of CWE\u2011312 and CWE\u2011313.", "risk_and_exploitability": "The vulnerability carries a CVSS score of 6.9, indicating moderate to high risk. No publicly available exploitation probability score is available, and the issue is not listed in the CISA KEV catalog. Attackers can trigger the vulnerability remotely via a crafted HTTP GET request, reading the stored cleartext credentials and potentially gaining unauthorized access to user accounts."}}}}, "created": "2026-04-06T20:26:48.658487+00:00", "updated": "2026-04-06T21:57:23.942467+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$student_result_management_system"]}