| Title | hzmanyun education and training system v3.1.1 RCE |
|---|
| Description | The application allows unauthenticated users to upload files via the `/gok4` endpoint. The uploaded files are not properly validated, which can lead to remote code execution (RCE) if a malicious file is uploaded. |
|---|
| Source | ⚠️ https://github.com/Rain1er/report/blob/main/CDG/bnhiMg%3D%3D.md |
|---|
| User | mike111 (UID 81276) |
|---|
| Submission | 02/08/2025 09:21 AM (3 months ago) |
|---|
| Moderation | 02/21/2025 04:05 PM (13 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 296506 [hzmanyun Education and Training System 3.1.1 saveImage File unrestricted upload] |
|---|
| Points | 16 |
|---|