| عنوان | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 Arbitrary File Upload |
|---|
| الوصف | The Online College Event Hall Reservation System is vulnerable to an Arbitrary File Upload issue within its `/admin/update-rooms.php` script. Attackers can exploit this by uploading files with arbitrary content, such as a PHP script, under the guise of an image file update for a room. The lack of adequate validation on the uploaded file's type and content allows for the execution of server-side scripts, posing a significant security risk. This vulnerability highlights the importance of implementing strict file validation checks, including verifying mime types and file extensions, to prevent the uploading and execution of potentially malicious files. |
|---|
| المصدر | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20update-rooms.php.md |
|---|
| المستخدم | nochizplz (UID 64302) |
|---|
| ارسال | 08/03/2024 05:53 AM (2 سنوات منذ) |
|---|
| الاعتدال | 15/03/2024 05:29 PM (7 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 256968 [MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/update-rooms.php تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|