Key vulnerability information

Vulnerability overview:
Project name: Student Result Management System (SRMS) 1.0
Key vulnerabilities:
- Unauthenticated SMTP Configuration Hijacking
- Unauthenticated Bulk Account Creation (Arbitrary File Upload)
- Unauthenticated Arbitrary Account Deletion (DoS)

Vulnerability details:
1. Unauthenticated SMTP Configuration Hijacking
Type: Broken Access Control / Improper Authorization
CWE: CWE-284, CWE-862
CVSS v3.1 Score: 9.1
Component: /srms/script/admin/core/update_smtp.php

2. Unauthenticated Bulk Account Creation
Type: Authentication Bypass / Unrestricted Upload
CWE: CWE-434, CWE-306
CVSS v3.1 Score: 9.8
Component: /srms/script/admin/core/import_users.php

3. Unauthenticated Arbitrary Account Deletion
Type: Broken Access Control / Improper Authorization
CWE: CWE-284
CVSS v3.1 Score: 8.2
Component: /admin/core/drop_user.php

Exploitation process:
1.1 SMTP Hijacking: the mail settings are modified so that tokens are sent to an attacker-controlled server.
2.1 Account Injection: a malicious Excel file is uploaded to create accounts in bulk.
3.1 Account Deletion: arbitrary accounts are deleted, including administrator accounts.

PoC & Evidence:
Step 1: Confirm that the script is reachable without credentials.
Step 2: Execute the attack and confirm the vulnerability's impact.

Remediation:
Enforce session-based access control to protect the administrator scripts.
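The remediation above, as an added example that is not SRMS code: a deny-by-default guard included at the top of each admin/core script (update_smtp.php, import_users.php, drop_user.php) so that no request reaches them without an authenticated administrator session. The session key names (`admin_id`, `role`, `csrf_token`) and the log format are assumptions, not SRMS internals.

```php
<?php
// Added example, not part of SRMS. Include this file before any other logic in
// every admin/core/*.php script. Session key names are assumptions.

declare(strict_types=1);

function deny(string $reason): void
{
    // Log denied attempts with the client address so that unauthenticated
    // probes of admin scripts are visible to monitoring.
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
    $uri = $_SERVER['REQUEST_URI'] ?? '';
    error_log(sprintf('admin-guard denied ip=%s uri=%s reason=%s', $ip, $uri, $reason));
    http_response_code(403);
    header('Content-Type: text/plain');
    exit('Forbidden');
}

function require_admin_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Deny by default: only a session that was established by the admin
    // login flow and carries the admin role may proceed.
    $isAdmin = isset($_SESSION['admin_id'])
        && (($_SESSION['role'] ?? '') === 'admin');
    if (!$isAdmin) {
        deny('no admin session');
    }

    // State-changing requests (SMTP update, user import, user deletion) must
    // also carry the per-session CSRF token issued by the admin UI, so that a
    // logged-in admin's browser cannot be driven to these scripts by another site.
    if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
        $expected = (string) ($_SESSION['csrf_token'] ?? '');
        $sent = (string) ($_POST['csrf_token'] ?? '');
        if ($expected === '' || !hash_equals($expected, $sent)) {
            deny('csrf token mismatch');
        }
    }
}

require_admin_session();
```

The token compared here is assumed to be generated at admin login (for example with `bin2hex(random_bytes(32))`) and stored in `$_SESSION['csrf_token']`; the guard only verifies it.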