| عنوان | Storage Unit Rental Management System v1.0 /storage/classes/Users.php?f=save post form-data parameter filename exists arbitrary file upload |
|---|
| الوصف | Storage Unit Rental Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /storage/classes/Users.php?f=save post form-data parameter 'filename'. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Steps to reproduce
1.Go to the admin Dashboard
2.Click on User List and Click on +Create New
3.Any file can be uploaded, such as uploading php code
4.Access to uploaded files can be executed successfully |
|---|
| المصدر | ⚠️ https://github.com/ret2hh/bug_report/blob/main/UPLOAD.md |
|---|
| المستخدم | bit3hh (UID 42576) |
|---|
| ارسال | 20/03/2023 10:38 AM (3 سنوات منذ) |
|---|
| الاعتدال | 22/03/2023 11:03 AM (2 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 223552 [SourceCodester Storage Unit Rental Management System 1.0 classes/Users.php?f=save تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|