| Titel | Storage Unit Rental Management System v1.0 /storage/classes/Users.php?f=save post form-data parameter filename exists arbitrary file upload |
|---|
| Beschreibung | Storage Unit Rental Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /storage/classes/Users.php?f=save post form-data parameter 'filename'. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Steps to reproduce
1.Go to the admin Dashboard
2.Click on User List and Click on +Create New
3.Any file can be uploaded, such as uploading php code
4.Access to uploaded files can be executed successfully |
|---|
| Quelle | ⚠️ https://github.com/ret2hh/bug_report/blob/main/UPLOAD.md |
|---|
| Benutzer | bit3hh (UID 42576) |
|---|
| Einreichung | 20.03.2023 10:38 (vor 3 Jahren) |
|---|
| Moderieren | 22.03.2023 11:03 (2 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 223552 [SourceCodester Storage Unit Rental Management System 1.0 classes/Users.php?f=save erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|