| Field | Value |
|---|---|
| Title | SourceCodester Home Clean Service System in PHP Free Source Code V1.0 Unrestricted Upload |
| Description | Fengxiangdi found that the file upload operation was triggered in `student.add.php`, and the `$_FILES` variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE. The input obtained from line 8 of the `\admin\student.add.php` file is used to determine the location of the file to be written, which may allow attackers to modify or damage the content of the file, or create a brand new file. |
| Source | https://github.com/xuanluansec/vul/issues/5 |
| User | fengxiangdi (ID 67634) |
| Submission | 04/17/2024 19:19 (20 days ago) |
| Moderation | 04/18/2024 07:56 (13 hours later) |
| Status | Accepted |
| VulDB Entry | 261440 |