| Title | CampCodes Project Management System 1.0 RCE via Arbitrary File Upload |
|---|
| Description | Vendor and Product Information:
Vendor: CampCodes
Product: Project Management System
Product URL: https://www.campcodes.com/projects/php/project-management-system-using-php-mysql-free-download/
Confidence: Confirmed
Description:
The dashboard page of the application contains a severe vulnerability. The function that uploads project images permits attackers to upload arbitrary files, including malicious PHP scripts. This flaw allows attackers to execute arbitrary code on the server, potentially gaining unauthorized access to sensitive data, disrupting operations, or even taking full control of the server. This represents a major security threat and needs to be addressed immediately. |
|---|
| Source | https://github.com/shaturo1337/POCs/blob/main/Remote%20Code%20Execution%20via%20Arbitrary%20File%20Upload%20in%20Project%20Management%20System.md |
|---|
| User | John Correche (UID 79510) |
|---|
| Submit | 03/01/2025 06:05 AM (1 year ago) |
|---|
| Moderation | 03/01/2025 05:16 PM (11 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 290158 [Campcodes Project Management System 1.0 update_forms.php?action=change_pic2&id=4 file privilege escalation] |
|---|
| Points | 20 |
|---|