| Field | Value |
|---|---|
| Title | SourceCodester Pet grooming management software 1.0 Unrestricted Upload |
| Description | The file upload functionality in manage_website.php contains severe security vulnerabilities. It relies solely on frontend filtering for file type verification and completely lacks server-side validation of the file's actual type. For example, it does not use functions like getimagesize() to verify whether the uploaded file is a genuine image. This allows attackers to easily bypass frontend restrictions and upload malicious files. More critically, these files are directly saved to the accessible directory of the web server (/petgrooming_erp/pet_grooming/assets/uploadImage/Logo), while retaining their original filenames. This means that if an attacker uploads a file with an executable extension (such as .php), the server may parse and execute it. This could enable the attacker to gain control of the server, thereby causing serious security breaches. |
| Source | https://github.com/chen2496088236/CVE/issues/9 |
| User | 111ctx (UID 89466) |
| Submitted | 30/08/2025 04:26 PM (10 months ago) |
| Moderation | 07/09/2025 08:39 PM (8 days later) |
| Status | Approved |
| VulDB Entry | 323041 [SourceCodester Pet Grooming Management Software 1.0 manage_website.php privilege escalation] |
| Points | 20 |
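The description above names the two missing controls: no server-side check of the file's real content (getimagesize() is suggested) and storage under the client-supplied filename inside a web-served directory. The handler below is an added example of how a PHP upload endpoint can close both gaps; it is not code from the SourceCodester project or from the submission, and the form field name `logo`, the destination directory and the size limit are assumptions chosen for illustration.

```php
<?php
// Added example (not the project's own code): a hardened image upload handler.
// Field name "logo", destination directory and MAX_UPLOAD_BYTES are assumptions.

declare(strict_types=1);

// Allowed image types (as detected from content) mapped to the extension the
// server will assign. The client-supplied filename and extension are never used.
const ALLOWED_IMAGE_TYPES = [
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_GIF  => 'gif',
];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // assumed limit for a site logo

/**
 * Validate one entry of $_FILES and move it into $destDir under a server-chosen
 * name. Returns the stored filename; throws RuntimeException on any failure.
 */
function storeLogoUpload(array $file, string $destDir): string
{
    // 1. Transport-level checks: PHP reported success, size is within bounds,
    //    and the temp file really came from this request's upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed (error code ' . (int) $file['error'] . ')');
    }
    if ($file['size'] > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('File exceeds size limit');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }

    // 2. Content-based type check. getimagesize() parses the image header, so a
    //    script that merely carries a .png extension is rejected here.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset(ALLOWED_IMAGE_TYPES[$info[2]])) {
        throw new RuntimeException('Uploaded file is not an allowed image type');
    }

    // 3. Second opinion from libmagic; both detectors must agree on the MIME type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== image_type_to_mime_type($info[2])) {
        throw new RuntimeException('MIME type mismatch between detectors');
    }

    // 4. Server-chosen name: random, with the extension derived from content.
    //    The original filename (e.g. "shell.php") never reaches the filesystem.
    $ext  = ALLOWED_IMAGE_TYPES[$info[2]];
    $name = bin2hex(random_bytes(16)) . '.' . $ext;

    if (!is_dir($destDir) && !mkdir($destDir, 0750, true)) {
        throw new RuntimeException('Cannot create upload directory');
    }
    $dest = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640); // stored files are never executable
    return $name;
}

// Usage inside the request handler (field name "logo" is an assumption):
try {
    $stored = storeLogoUpload($_FILES['logo'] ?? [], __DIR__ . '/assets/uploadImage/Logo');
    echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'Invalid upload';
}
```

The content check and the renaming step are independent defenses: even if a crafted file passed getimagesize(), it would be written with an image extension under a name the attacker does not control. As a third layer, the upload directory should be configured so the web server serves its contents as static files and never hands them to the PHP interpreter, which limits the impact of any future validation bypass.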