| Title | projectworlds Advanced Library Management System 1 Unrestricted Upload |
|---|---|
| Description | The Advanced Library Management System (V1.0) suffers from an unrestricted file upload vulnerability in edit_book.php. Authenticated users with edit privileges can upload arbitrary files, including PHP scripts, which are stored under the publicly accessible /upload/ directory. Since these files can be directly accessed via HTTP, an attacker can achieve remote code execution (RCE) by uploading and executing malicious PHP code. This flaw exposes the server to full compromise, data exfiltration, and service disruption, making the issue critical in severity. |
| Source | https://github.com/ChenGuangHuangHun/CVE/issues/3 |
| User | chenguang (UID 91178) |
| Submission | 01.10.2025 09:05 (7 months ago) |
| Moderation | 07.10.2025 13:44 (6 days later) |
| Status | Accepted |
| VulDB Entry | 327361 [projectworlds Advanced Library Management System 1.0 /edit_book.php image privilege escalation] |
| Points | 20 |