| Titre | sourcecodester Petrol pump management softwarester 1.0 arbitrary file upload |
|---|
| Description | The SOURCECODESTER Petrol Pump Management Software is found to have an unauthenticated arbitrary file upload vulnerability within its /admin/app/service_crud.php component. This critical flaw allows attackers to upload malicious PHP files, such as those containing a phpinfo() call, without any authentication. By exploiting this vulnerability, attackers can gain insights into the server's PHP environment, potentially leading to further exploitation avenues. The vulnerability stems from inadequate file validation and authentication checks, highlighting the urgent need for secure coding practices, including the implementation of file type restrictions and authentication mechanisms to prevent unauthorized file uploads. |
|---|
| La source | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/service_crud.php%20Unauthenticated%20Arbitrary%20File%20Upload.md |
|---|
| Utilisateur | nochizplz (UID 64302) |
|---|
| Soumission | 28/02/2024 09:38 (il y a 2 ans) |
|---|
| Modérer | 01/03/2024 07:53 (2 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 255374 [SourceCodester Petrol Pump Management Software 1.0 service_crud.php photo élévation de privilèges] |
|---|
| Points | 20 |
|---|