| Title | codeastro Internet Banking System 1.0 Unrestricted Upload |
|---|---|
| Description | During the security audit of the Internet Banking System, I found a serious file upload vulnerability. The vulnerability can upload employee pictures in the function of adding employees in the administrator background. If the uploaded files are not limited or the restrictions are bypassed, the function will be used to upload executable files and scripts to the server, which will further cause the server to be compromised. |
| Source | ⚠️ https://github.com/lyg986443/cve/issues/9 |
| User | bjbzbj (UID 83490) |
| Submission | 15.04.2025 10:41 (1 year ago) |
| Moderation | 26.04.2025 11:13 (11 days later) |
| Status | Duplicate |
| VulDB entry | 249509 [CodeAstro Internet Banking System up to 1.0 Profile Picture pages_account.php privilege escalation] |
| Points | 0 |