| Título | Storage Unit Rental Management System v1.0 /storage/classes/Users.php?f=save post form-data parameter filename exists arbitrary file upload |
|---|
| Descripción | Storage Unit Rental Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /storage/classes/Users.php?f=save post form-data parameter 'filename'. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Steps to reproduce
1.Go to the admin Dashboard
2.Click on User List and Click on +Create New
3.Any file can be uploaded, such as uploading php code
4.Access to uploaded files can be executed successfully |
|---|
| Fuente | ⚠️ https://github.com/ret2hh/bug_report/blob/main/UPLOAD.md |
|---|
| Usuario | bit3hh (UID 42576) |
|---|
| Sumisión | 2023-03-20 10:38 (hace 3 años) |
|---|
| Moderación | 2023-03-22 11:03 (2 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 223552 [SourceCodester Storage Unit Rental Management System 1.0 classes/Users.php?f=save escalada de privilegios] |
|---|
| Puntos | 20 |
|---|