| Title | Best employee management system in php profile.php V1.0 Unrestricted Upload |
|---|---|
| Description | The input obtained from line 20 of the \admin\profile.php file is used to determine the location of the file to be written, which may allow attackers to modify or damage the content of the file, or create a brand new file. Jiang0Xshe11 found that the file upload operation was triggered in profile.php, and the _FAILE variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE. |
| Source | https://github.com/Hefei-Coffee/cve/issues/3 |
| User | Tranks (UID 82226) |
| Submission | 04/03/2025 10:33 AM (1 year ago) |
| Moderation | 06/03/2025 03:18 PM (2 days later) |
| Status | Duplicate |
| VulDB entry | 296577 [SourceCodester Best Employee Management System 1.0 Profile Picture privilege escalation] |
| Points | 0 |