| Título | SourceCodester Pet grooming management software 1.0 Unrestricted Upload |
|---|
| Descripción | The file upload functionality in manage_website.php contains severe security vulnerabilities. It relies solely on frontend filtering for file type verification and completely lacks server-side validation of the file's actual type. For example, it does not use functions like getimagesize() to verify whether the uploaded file is a genuine image. This allows attackers to easily bypass frontend restrictions and upload malicious files. More critically, these files are directly saved to the accessible directory of the web server(/petgrooming_erp/pet_grooming/assets/uploadImage/Logo)—while retaining their original filenames. This means that if an attacker uploads a file with an executable extension (such as .php), the server may parse and execute it. This could enable the attacker to gain control of the server, thereby causing serious security breaches. |
|---|
| Fuente | ⚠️ https://github.com/chen2496088236/CVE/issues/9 |
|---|
| Usuario | 111ctx (UID 89466) |
|---|
| Sumisión | 2025-08-30 16:26 (hace 10 meses) |
|---|
| Moderación | 2025-09-07 20:39 (8 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 323041 [SourceCodester Pet Grooming Management Software 1.0 manage_website.php escalada de privilegios] |
|---|
| Puntos | 20 |
|---|