| Title | Bdtask Bdtask Flight Booking Software B2B Portal v4 Unrestricted File Upload |
|---|---|
| Description | Multiple image upload fields in the Agent profile edit page accept user-supplied files without proper server-side validation. Authenticated users can upload executable files (e.g., PHP web shells) disguised as images. Uploaded files are stored in a web-accessible directory and can be executed by requesting their URL, resulting in remote code execution (RCE) and full server compromise. |
| Source | https://github.com/4m3rr0r/PoCVulDb/issues/6 |
| User | 4m3rr0r (UID 85795) |
| Submission | 31/10/2025 20:06 (8 months ago) |
| Moderation | 15/11/2025 07:33 (14 days later) |
| Status | Accepted |
| VulDB Entry | 332564 [Bdtask Flight Booking Software 4 Edit Profile Page /agent/profile/edit privilege escalation] |
| Points | 19 |