| शीर्षक | Needyamin Library-Card-System 1.0 Unrestricted File Upload |
|---|
| विवरण | Title of the Vulnerability: Library-Card-System V 1.0 | Add Picture/Signature - signup.php | Unrestricted File Upload | Found By Maloy Roy Orko
Finder & Exploit Owner: Maloy Roy Orko
Vulnerability Class: Unrestricted File Upload
Product Name: Library-Card-System
Vendor:
needyamin
Vendor Link:
https://github.com/needyamin/
Vulnerable Product Link: https://github.com/needyamin/Library-Card-System/
Affected Components:
signup.php
Suggested Description:
Unrestricted File Upload in "signup.php" in "Library-Card-System application By needyamin v 1.0" Found By "Maloy Roy Orko" allows "remote" attacker "to upload shell and hijack server via Unrestricted File Upload as no validations are provided" via "signup.php".
Attack Vectors:
To exploit vulnerability,he has to upload picture or signature in signup.php and he has to upload shell instead of them.Thus, Attacker can install web shell as the file upload isn't protected and he can hijack the whole server too!
Detailed Blog:
https://www.websecurityinsights.my.id/2025/02/library-card-system-shell-by-maloyroyorko.html |
|---|
| स्रोत | ⚠️ https://www.websecurityinsights.my.id/2025/02/library-card-system-shell-by-maloyroyorko.html |
|---|
| उपयोगकर्ता | MaloyRoyOrko (UID 79572) |
|---|
| सबमिशन | 06/02/2025 04:02 PM (1 वर्ष पहले) |
|---|
| संयम | 15/02/2025 04:30 PM (9 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 295963 [needyamin Library Card System 1.0 Add Picture /signup.php अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|