| Titre | code-projects online-notice-board-using-php 1.0 Unrestricted Upload |
|---|
| Description | Attacker can upload malicious file when registering through the profile picture upload.
The uploaded profile picture is in no restrictions and will be stored in /images/{USER-EMAIL}/{UPLOAD_FILENAME}
Hackers can upload .php file such as and visit /images/{USER-EMAIL}/malicious_php_file.php?1={ANY COMMAND HERE} to execute any command. |
|---|
| La source | ⚠️ https://github.com/LamentXU123/cve/blob/main/RCE1.md |
|---|
| Utilisateur | LamentXU (UID 78142) |
|---|
| Soumission | 04/12/2024 06:27 (il y a 2 ans) |
|---|
| Modérer | 05/12/2024 09:48 (1 day later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 286979 [code-projects Online Notice Board jusqu’à 1.0 Profile Picture /registration.php img élévation de privilèges] |
|---|
| Points | 19 |
|---|