| Title | SourceCodester SourceCodester Pisay Online E-Learning System using PHP/MySQL 1.0 /lesson/controller.php Unrestricted Upload V1.0 Unrestricted Upload |
|---|---|
| Description | Found that the file upload operation was triggered in /lesson/controller.php, and the $_FILES variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE. The input obtained from doInsert at line 36 in the admin/modules/less/controller.php file is used at line 37 in the /admin/modules/less/controller.php file to determine the location of the file to be written, which may allow attackers to modify or damage the content of the file, or create a brand new file. |
| Source | ⚠️ https://github.com/CveSecLook/cve/issues/19 |
| User | laowang (UID 68358) |
| Submission | 30.04.2024 12:19 (2 years ago) |
| Moderation | 30.04.2024 16:20 (4 hours later) |
| Status | Accepted |
| VulDB entry | 262489 [SourceCodester Pisay Online E-Learning System 1.0 /lesson/controller.php File privilege escalation] |
| Points | 20 |