| Titel | SourceCodester Pet grooming management software 1.0 Unrestricted Upload |
|---|
| Beschreibung | The file upload functionality in manage_website.php contains severe security vulnerabilities. It relies solely on frontend filtering for file type verification and completely lacks server-side validation of the file's actual type. For example, it does not use functions like getimagesize() to verify whether the uploaded file is a genuine image. This allows attackers to easily bypass frontend restrictions and upload malicious files. More critically, these files are directly saved to the accessible directory of the web server(/petgrooming_erp/pet_grooming/assets/uploadImage/Logo)—while retaining their original filenames. This means that if an attacker uploads a file with an executable extension (such as .php), the server may parse and execute it. This could enable the attacker to gain control of the server, thereby causing serious security breaches. |
|---|
| Quelle | ⚠️ https://github.com/chen2496088236/CVE/issues/9 |
|---|
| Benutzer | 111ctx (UID 89466) |
|---|
| Einreichung | 30.08.2025 16:26 (vor 10 Monaten) |
|---|
| Moderieren | 07.09.2025 20:39 (8 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 323041 [SourceCodester Pet Grooming Management Software 1.0 manage_website.php erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|