| タイトル | SOURCECODESTER File Manager App 1.0 Arbitrary File Upload |
|---|
| 説明 | The File Manager App has an Arbitrary File Upload vulnerability in `/endpoint/update-file.php`, allowing attackers to upload files of any type, including PHP scripts. This flaw can lead to executing arbitrary server-side code. The issue arises from insufficient validation of uploaded file types, enabling the upload of potentially malicious files under the guise of legitimate ones. This vulnerability highlights the critical need for strict file validation mechanisms, including checking MIME types and file extensions, to prevent unauthorized file uploads and protect the system from possible exploits. |
|---|
| ソース | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md |
|---|
| ユーザー | nochizplz (UID 64302) |
|---|
| 送信 | 2024年03月17日 12:47 (2 年 ago) |
|---|
| モデレーション | 2024年03月18日 17:07 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 257182 [SourceCodester File Manager App 1.0 update-file.php ファイル 特権昇格] |
|---|
| ポイント | 20 |
|---|