| शीर्षक | ode-projects.org Computer Laboratory System In PHP With Source Code 1.0 Incomplete Identification of Uploaded File Variables |
|---|
| विवरण | Product and Version Affected
Product Name: Computer Laboratory System In PHP With Source Code
Affected File: admin/admin_pic.php
Detailed Description
The affected code handles administrator profile image uploads without performing any security validations. When the user submits an image, the application directly moves the uploaded file to the uploads/ directory using the original filename provided by the user:
move_uploaded_file($_FILES["image"]["tmp_name"], "uploads/" . $_FILES["image"]["name"]);
No checks are performed on:
File extension
MIME type
File content
File name safety
Double extensions (e.g., shell.php.jpg)
Directory traversal attempts (../../shell.php) |
|---|
| स्रोत | ⚠️ https://github.com/Yohane-Mashiro/cve/blob/main/upload%204.md |
|---|
| उपयोगकर्ता | Yohane-Mashiro (UID 92825) |
|---|
| सबमिशन | 06/12/2025 02:59 PM (5 महीनों पहले) |
|---|
| संयम | 13/12/2025 09:36 AM (7 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 336375 [code-projects Computer Laboratory System 1.0 technical_staff_pic.php image अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|