| タイトル | Tenst-register.php has a file upload vulnerability |
|---|
| 説明 | Build environment: Apache 2.4.39; MySQL5.7.26; PHP7.3.4
Tenst-register.php has a file upload vulnerability
<form method="POST" action="tenant-engine.php" enctype="multipart/form-data">
tenant-register. PHP, the ninth line of code. The information filled in by the front end includes the uploaded file, which is transferred to the back end through POST requests. No filtering is performed in this process
tenant-engine.php,
In tenant engineering Php, the 40th line of code - the 51st line of code. The uploaded file is stored in the tenant photo directory, and the successful file upload returns the file name information, |
|---|
| ソース | ⚠️ https://github.com/nikeshtiwari1/House-Rental-System/issues/8 |
|---|
| ユーザー | ace. (UID 34853) |
|---|
| 送信 | 2022年12月02日 02:48 (4 年 ago) |
|---|
| モデレーション | 2022年12月03日 11:22 (1 day later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 214772 [House Rental System POST Request tenant-engine.php id_photo 特権昇格] |
|---|
| ポイント | 20 |
|---|