Key Information Summary

Affected Product
- Product Name: Faculty Management System
- Version: v1.0

Vulnerability Type
- Vulnerability Type: Path Traversal

Root Cause
In the file, insufficient validation of user input for the parameter allows attackers to inject malicious paths.

Impact
Attackers can exploit this vulnerability to gain unauthorized access to system files, leading to sensitive data leakage and posing a serious threat to operating system security and business continuity.

Description
This vulnerability enables attackers to access the operating system's filesystem by crafting malicious values for the parameter, thereby retrieving sensitive information.

Vulnerability Details and POC
Vulnerable Parameter:
URL:
Payload:
- :
- :

Attack Outcome
Successfully read the contents of sensitive system files.

Recommended Remediation Measures
1. Strictly validate and sanitize user input, allowing only expected character sets (whitelist), and reject any input containing .
2. Use secure APIs (e.g., , ) to normalize and validate the final path.
3. Follow the principle of least privilege by configuring the application’s running account with minimal necessary filesystem access permissions.
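Remediation measures 1 and 2 combined into one check, as an added example; it is not code from the Faculty Management System or from the original advisory. Python is used because the page does not name the application's language, and `resolve_under`, `SAFE_NAME`, `demo`, the file-name policy and the directory tree are constructed assumptions.

```python
import os
import re
import tempfile

# Assumed policy: letters, digits, '_' and '-', plus one optional short extension.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}(\.[A-Za-z0-9]{1,8})?")


def resolve_under(base_dir, user_value):
    """Return the canonical path of user_value inside base_dir, else raise ValueError."""
    # Measure 1: allowlist; rejects separators, dot segments, NUL, percent-encoding.
    if not isinstance(user_value, str) or not SAFE_NAME.fullmatch(user_value):
        raise ValueError("rejected by allowlist")
    # Measure 2: canonicalise both sides (resolves symlinks and dot segments) ...
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_value))
    # ... then require the final path to remain inside the base directory.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("resolved path escapes base directory")
    return target


def demo():
    """Build a constructed directory tree and classify constructed inputs."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")
        os.mkdir(base)
        with open(os.path.join(base, "report.pdf"), "w") as fh:
            fh.write("ok")
        secret = os.path.join(root, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("outside")
        # A symlink inside the base that points outside it: it passes the
        # allowlist and is caught only by the containment check after realpath().
        os.symlink(secret, os.path.join(base, "link.txt"))
        for value in ["report.pdf", "../secret.txt", "..%2fsecret.txt",
                      "/secret.txt", "link.txt"]:
            try:
                resolve_under(base, value)
                results[value] = "allowed"
            except ValueError as exc:
                results[value] = str(exc)
    return results


if __name__ == "__main__":
    for value, outcome in demo().items():
        print(repr(value), "->", outcome)
```

The symlink case shows why the allowlist alone is not sufficient: the name is well-formed, and only the comparison of canonical paths rejects it.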