| Title | SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0 Unrestricted Upload |
|---|---|
| Description | A vulnerability was discovered in SourceCodester Syllabus-Aligned Learning Management and Examination System 1.0. The issue affects upload_files.php. An authenticated instructor can upload arbitrary PHP files through the file upload functionality. The application extracts the file extension but does not validate it against an allowlist and does not perform MIME-type verification. Uploaded files are stored in the web-accessible directory uploads/class_docs/ and are directly accessible via HTTP. By uploading a PHP payload such as test.php and accessing the generated file URL, arbitrary PHP code is executed on the server. This vulnerability allows authenticated remote code execution and may result in full compromise of the application and underlying server. |
| Source | ⚠️ https://pastebin.com/PNJvBZwT |
| User | ameenkbrd (UID 98192) |
| Submit | 03/06/2026 02:53 PM (1 month ago) |
| Moderation | 04/07/2026 07:19 AM (1 month later) |
| Status | Accepted |
| VulDB entry | 376294 [SourceCodester Syllabus-Aligned Learning Management and Examination System upload_files.php privilege escalation] |
| Points | 17 |
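
The two checks the description says are missing (an extension allowlist and content-based MIME verification) can be sketched as follows. This is an added example, not code from the application or the submission; `ALLOWED`, `validate_upload()` and the sample files are hypothetical and constructed for illustration.

```php
<?php
// Added example: allowlist + content-type check for an upload handler.
// ALLOWED and validate_upload() are hypothetical names, not from the application.
const ALLOWED = [
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'txt' => 'text/plain',
];

/** Returns a server-generated storage name, or throws if the file is rejected. */
function validate_upload(string $clientName, string $tmpPath): string
{
    // Only the final extension counts; compare it in lower case against the allowlist.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException("extension not allowed: '$ext'");
    }
    // Detect the type from the file content, not from the client-supplied Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }
    // Never reuse the client's file name on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: (client file name, file content).
$samples = [
    ['notes.txt', "Week 1 reading list\n"],
    ['test.php', "<?php echo 'x'; ?>"],
    ['syllabus.pdf', "<?php echo 'x'; ?>"],
];
foreach ($samples as [$name, $content]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $content);
    try {
        echo "$name: accepted as " . validate_upload($name, $tmp) . "\n";
    } catch (RuntimeException $e) {
        echo "$name: rejected (" . $e->getMessage() . ")\n";
    } finally {
        unlink($tmp);
    }
}
```

These checks complement, rather than replace, storing uploads outside the web root or disabling script execution in uploads/class_docs/.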