Soumettre #749714: Great Developers Certificate Generator System 1.0 Improper Neutralization of Special Elementsinformation

TitreGreat Developers Certificate Generator System 1.0 Improper Neutralization of Special Elements
DescriptionA Remote Code Execution vulnerability (CWE-78) exists in the archive upload functionality. The application directly passes user-controlled input ($file) into OS command execution functions (exec()) without sanitization or escaping. This allows attackers to inject arbitrary shell commands by crafting a malicious filename. Additionally, extracted archive contents are not validated, enabling Zip Slip and file overwrite attacks.
La source⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Certificate2.md
Utilisateur
 lakshay12311 (UID 91298)
Soumission31/01/2026 11:26 (il y a 3 mois)
Modérer07/02/2026 16:27 (7 days later)
StatutAccepté
Entrée VulDB344887 [Great Developers Certificate Generation System /restructured/csv.php photo élévation de privilèges]
Points20

PrécédentAperçuSuivant

Do you need the next level of professionalism?

Upgrade your account now!