| عنوان | code-projects Document Management System 1.0 Improper Input Validation |
|---|
| الوصف | A Path Traversal vulnerability (CWE-22) was discovered in the dell.php file of code-projects Document Management System 1.0.
The vulnerability exists because the application, when performing a file deletion operation, directly passes the which parameter from a GET request to the unlink() function without adequately validating or sanitizing the user-supplied path to confine it to the intended directory.
This allows a remote attacker to use path traversal sequences (e.g., ../) to construct a path to an arbitrary file on the server and delete it, provided the web server process has the necessary write permissions. Successful exploitation of this vulnerability could lead to the deletion of critical application files, configuration files, or system files, resulting in a Denial of Service (DoS) or more severe system damage. |
|---|
| المصدر | ⚠️ https://github.com/i-Corner/cve/issues/14 |
|---|
| المستخدم | iC0rner (UID 82839) |
|---|
| ارسال | 30/07/2025 09:22 AM (11 أشهر منذ) |
|---|
| الاعتدال | 31/07/2025 08:49 PM (1 day later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 318461 [code-projects Document Management System 1.0 /dell.php unlink معرف اجتياز الدليل] |
|---|
| النقاط | 20 |
|---|