提出 #855977: code-projects Online Job Portal System 1.0 Allocation of File Descriptors or Handles Without Limits or Thro情報

タイトルcode-projects Online Job Portal System 1.0 Allocation of File Descriptors or Handles Without Limits or Thro
説明During a security review of "Online Job Portal System", a critical unrestricted file upload vulnerability was discovered in the JobSeeker registration script /JobSeekerInsert.php. The file upload functionality accepts arbitrary file types and saves them to the web-accessible /upload/ directory using the original filename verbatim. A PHP webshell uploaded by an attacker is immediately accessible and executable by any browser, granting Remote Code Execution on the server. No authentication or authorization is required to trigger this vulnerability.
ソース⚠️ https://github.com/shihuizhang-dazhi/MY-CVE/issues/6
ユーザー
 dazhi (UID 87857)
送信2026年06月11日 12:56 (1 月 ago)
モデレーション2026年07月13日 23:19 (1 month later)
ステータス承諾済み
VulDBエントリ378167 [code-projects Online Job Portal 1.0 /JobSeekerInsert.php txtFile 特権昇格]
ポイント20

Might our Artificial Intelligence support you?

Check our Alexa App!