Submit #603643: SourceCodester Simple Company Website with an Admin Panel V1.0 Arbitrary File Uploadinfo

TitelSourceCodester Simple Company Website with an Admin Panel V1.0 Arbitrary File Upload
BeschreibungDuring the security assessment of the 'Simple Company Website with an Admin Panel' application, a critical arbitrary file upload vulnerability was discovered in the /classes/SystemSettings.php file. Due to the lack of input validation, unauthenticated users can send specially crafted HTTP requests to upload malicious scripts. These scripts are then accessible and executable via a web browser, enabling the attacker to fully compromise the server environment.
Quelle⚠️ https://github.com/ez-lbz/poc/issues/28
Benutzer meraklbz (UID 87053)
Einreichung25.06.2025 07:24 (vor 1 Jahr)
Moderieren28.06.2025 13:01 (3 days later)
StatusAkzeptiert
VulDB Eintrag314344 [SourceCodester Simple Company Website 1.0 SystemSettings.php?f=update_settings img erweiterte Rechte]
Punkte20

Do you need the next level of professionalism?

Upgrade your account now!