| タイトル | SourceCodester Pet grooming management software 1.0 Unrestricted Upload |
|---|
| 説明 | The file upload functionality in manage_website.php contains severe security vulnerabilities. It relies solely on frontend filtering for file type verification and completely lacks server-side validation of the file's actual type. For example, it does not use functions like getimagesize() to verify whether the uploaded file is a genuine image. This allows attackers to easily bypass frontend restrictions and upload malicious files. More critically, these files are directly saved to the accessible directory of the web server(/petgrooming_erp/pet_grooming/assets/uploadImage/Logo)—while retaining their original filenames. This means that if an attacker uploads a file with an executable extension (such as .php), the server may parse and execute it. This could enable the attacker to gain control of the server, thereby causing serious security breaches. |
|---|
| ソース | ⚠️ https://github.com/chen2496088236/CVE/issues/9 |
|---|
| ユーザー | 111ctx (UID 89466) |
|---|
| 送信 | 2025年08月30日 16:26 (10 月 ago) |
|---|
| モデレーション | 2025年09月07日 20:39 (8 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 323041 [SourceCodester Pet Grooming Management Software 1.0 manage_website.php 特権昇格] |
|---|
| ポイント | 20 |
|---|