| عنوان | Great Developers Certificate Generator System 1.0 Unrestricted Upload |
|---|
| الوصف | An Arbitrary File Upload vulnerability (CWE-434) exists in the CSV upload functionality. The application validates uploaded files solely based on the file extension and concatenates the original filename directly into the destination path. This validation can be trivially bypassed by supplying a crafted filename such as payload.csv.php. No MIME type validation, file size restriction, or content inspection is performed. Uploaded files are stored in a web-accessible directory, enabling potential execution of malicious scripts if server-side execution is permitted. |
|---|
| المصدر | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Certificate.md |
|---|
| المستخدم | lakshay12311 (UID 91298) |
|---|
| ارسال | 31/01/2026 11:22 AM (3 أشهر منذ) |
|---|
| الاعتدال | 07/02/2026 04:27 PM (7 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 344886 [Great Developers Certificate Generation System حتى 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73 /restructured/csv.php تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|