| عنوان | ZeroWdd studentmanager 1.0 arbitrary file upload |
|---|
| الوصف | The addStudent and editStudent methods in src/main/Java/com/wdd/studentmanager/controller/StudentController. java, as well as the addTeacher and editTeacher methods in src/main/Java/com/wdd/studentmanager/controller/TeacherController. java, do not restrict the file extension and content for uploading. JSP Trojan files and HTML files can be uploaded, but the system has a flaw. After uploading the file, the system needs to be restarted to access it, otherwise the uploaded file cannot be accessed. |
|---|
| المصدر | ⚠️ https://github.com/ZeroWdd/studentmanager/issues/16 |
|---|
| المستخدم | LVZC (UID 74910) |
|---|
| ارسال | 23/12/2024 07:44 AM (1 سنة منذ) |
|---|
| الاعتدال | 04/01/2025 10:26 AM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 290208 [ZeroWdd studentmanager 1.0 TeacherController. java addTeacher/editTeacher ملف تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|