Submit #474200: CampCodes Project Management System 1.0 RCE via Arbitrary File Uploadinfo

TitleCampCodes Project Management System 1.0 RCE via Arbitrary File Upload
DescriptionVendor and Product Information: Vendor: CampCodes Product: Project Management System Product URL: https://www.campcodes.com/projects/php/project-management-system-using-php-mysql-free-download/ Confidence: Confirmed Description: The dashboard page of the application contains a severe vulnerability. The function that uploads project images permits attackers to upload arbitrary files, including malicious PHP scripts. This flaw allows attackers to execute arbitrary code on the server, potentially gaining unauthorized access to sensitive data, disrupting operations, or even taking full control of the server. This represents a major security threat and needs to be addressed immediately.
Source⚠️ https://github.com/shaturo1337/POCs/blob/main/Remote%20Code%20Execution%20via%20Arbitrary%20File%20Upload%20in%20Project%20Management%20System.md
User
 John Correche (UID 79510)
Submission01/03/2025 06:05 AM (1 month ago)
Moderation01/03/2025 05:16 PM (11 hours later)
StatusAccepted
VulDB Entry290158 [Campcodes Project Management System 1.0 update_forms.php?action=change_pic2&id=4 file unrestricted upload]
Points20

Might our Artificial Intelligence support you?

Check our Alexa App!