| Título | SourceCodester Student Management System V1.0 Unrestricted Upload |
|---|
| Descripción | The input obtained through doupdateimage in line 218 of the student\controller.php file is used by doupdateimage in line 237 of the student\controller.php file to determine the location of the file to be written, which may allow attackers to change or damage the content of the file, or create a brand new file
Schnee found that the file upload operation was triggered in /student/controller.php, and the _FAILE variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE. |
|---|
| Fuente | ⚠️ https://github.com/I-Schnee-I/cev/blob/main/SourceCodester%20Student%20Management%20System%201.0%20controller.php%20Unrestricted%20Upload.md |
|---|
| Usuario | Schnee (UID 68656) |
|---|
| Sumisión | 2024-05-15 20:31 (hace 2 años) |
|---|
| Moderación | 2024-05-17 07:55 (1 day later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 264744 [SourceCodester Student Management System 1.0 /student/controller.php photo escalada de privilegios] |
|---|
| Puntos | 20 |
|---|