Soumettre #749713: Great Developers Certificate Generator System 1.0 Unrestricted Uploadinformation

TitreGreat Developers Certificate Generator System 1.0 Unrestricted Upload
DescriptionAn Arbitrary File Upload vulnerability (CWE-434) exists in the CSV upload functionality. The application validates uploaded files solely based on the file extension and concatenates the original filename directly into the destination path. This validation can be trivially bypassed by supplying a crafted filename such as payload.csv.php. No MIME type validation, file size restriction, or content inspection is performed. Uploaded files are stored in a web-accessible directory, enabling potential execution of malicious scripts if server-side execution is permitted.
La source⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Certificate.md
Utilisateur
 lakshay12311 (UID 91298)
Soumission31/01/2026 11:22 (il y a 3 mois)
Modérer07/02/2026 16:27 (7 days later)
StatutAccepté
Entrée VulDB344886 [Great Developers Certificate Generation System /restructured/csv.php élévation de privilèges]
Points20

PrécédentAperçuSuivant

Do you know our Splunk app?

Download it now for free!