| عنوان | Engineers Online Portal System upload_save_student.php has a file upload (RCE) vulnerability |
|---|
| الوصف | Engineers Online Portal System has a file upload (RCE) vulnerability, vulnerability exists in upload_save_student.php file, Can upload any format of the file, and there is no limit, the file name is simply encrypted, but can be enumerated to guess, developers should limit the type of user upload file, otherwise it will lead to the user to obtain server permissions, steal sensitive data, serious or even lead to server crash, a large number of user privacy disclosure.
Source DownLoad:https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html |
|---|
| المصدر | ⚠️ https://github.com/llixixi/Engineers-Online-Portal-System/blob/main/Engineers%20Online%20Portal%20System%20upload_save_student.php%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf |
|---|
| المستخدم | llixixioo (UID 54584) |
|---|
| ارسال | 23/09/2023 03:24 PM (3 سنوات منذ) |
|---|
| الاعتدال | 29/09/2023 11:50 AM (6 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 240912 [SourceCodester Engineers Online Portal 1.0 upload_save_student.php uploaded_file تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|