| Titel | ZeroWdd studentmanager 1.0 arbitrary file upload |
|---|
| Beschreibung | The addStudent and editStudent methods in src/main/Java/com/wdd/studentmanager/controller/StudentController. java, as well as the addTeacher and editTeacher methods in src/main/Java/com/wdd/studentmanager/controller/TeacherController. java, do not restrict the file extension and content for uploading. JSP Trojan files and HTML files can be uploaded, but the system has a flaw. After uploading the file, the system needs to be restarted to access it, otherwise the uploaded file cannot be accessed. |
|---|
| Quelle | ⚠️ https://github.com/ZeroWdd/studentmanager/issues/16 |
|---|
| Benutzer | LVZC (UID 74910) |
|---|
| Einreichung | 23.12.2024 07:44 (vor 1 Jahr) |
|---|
| Moderieren | 04.01.2025 10:26 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 290208 [ZeroWdd studentmanager 1.0 TeacherController. java addTeacher/editTeacher Datei erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|