| タイトル | SourceCodester Student Management System V1.0 Unrestricted Upload |
|---|
| 説明 | The input obtained through doupdateimage in line 218 of the student\controller.php file is used by doupdateimage in line 237 of the student\controller.php file to determine the location of the file to be written, which may allow attackers to change or damage the content of the file, or create a brand new file
Schnee found that the file upload operation was triggered in /student/controller.php, and the _FAILE variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE. |
|---|
| ソース | ⚠️ https://github.com/I-Schnee-I/cev/blob/main/SourceCodester%20Student%20Management%20System%201.0%20controller.php%20Unrestricted%20Upload.md |
|---|
| ユーザー | Schnee (UID 68656) |
|---|
| 送信 | 2024年05月15日 20:31 (2 年 ago) |
|---|
| モデレーション | 2024年05月17日 07:55 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 264744 [SourceCodester Student Management System 1.0 /student/controller.php photo 特権昇格] |
|---|
| ポイント | 20 |
|---|