Submit #335838: Codezips E-commerce Site Using PHP With Source Code V1.0 Unrestricted Uploadinfo

TitelCodezips E-commerce Site Using PHP With Source Code V1.0 Unrestricted Upload
Beschreibungpolaris0x1 found that the file upload operation was triggered in admin/editproduct.php, and the _FAILES variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE. The input obtained from line 67 of the "/admin/editproduct.php" file is used in line 86 of the "/admin/editproduct.php" file to determine the location of the file to be written, which may allow attackers to change or damage the content of the file, or create a brand new file.
Quelle⚠️ https://github.com/polaris0x1/CVE/issues/2
Benutzer
 polaris0x1 (UID 67906)
Einreichung16.05.2024 05:17 (vor 2 Jahren)
Moderieren17.05.2024 08:08 (1 day later)
StatusAkzeptiert
VulDB Eintrag264746 [Codezips E-Commerce Site 1.0 admin/editproduct.php profilepic erweiterte Rechte]
Punkte20

Do you want to use VulDB in your project?

Use the official API to access entries easily!