| عنوان | SourceCodester Online Discussion Forum Site V1.0 Unrestricted Upload |
|---|
| الوصف | Cece Chen from Wuhan University found that the file upload operation was triggered in registerH.php, and the _FAILES variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE.
The input obtained from line 16 of the "registerH.php" file is used in line 20 of the "registerH.php" file to determine the location of the file to be written, which may allow attackers to change or damage the content of the file, or create a brand new file. |
|---|
| المصدر | ⚠️ https://github.com/CveSecLook/cve/issues/27 |
|---|
| المستخدم | Cece Chen from Wuhan University (UID 68577) |
|---|
| ارسال | 13/05/2024 06:24 PM (2 سنوات منذ) |
|---|
| الاعتدال | 15/05/2024 01:32 PM (2 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 264455 [SourceCodester Online Discussion Forum Site 1.0 registerH.php ima تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|