| عنوان | itsourcecode University Management System 1.0 File Upload |
|---|
| الوصف | Download Source Code: https://itsourcecode.com/wp-content/uploads/2022/01/University-Management-System-Project-In-PHP-Source-Code.zip
Register and log in with a student account。When visiting the /st_update.php?id=123321 page, the value corresponding to id is StudentID. You can upload an avatar file, but the page does not impose any restrictions on the uploaded files, resulting in attackers being able to directly upload PHP trojan files. |
|---|
| المصدر | ⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE6-4.md |
|---|
| المستخدم | Dee.Mirage (UID 71702) |
|---|
| ارسال | 20/07/2024 08:30 AM (2 سنوات منذ) |
|---|
| الاعتدال | 20/07/2024 04:38 PM (8 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 272080 [itsourcecode University Management System 1.0 Avatar File /st_update.php personal_image تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|