| 제목 | Storage Unit Rental Management System v1.0 /storage/classes/Users.php?f=save post form-data parameter filename exists arbitrary file upload |
|---|
| 설명 | Storage Unit Rental Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /storage/classes/Users.php?f=save post form-data parameter 'filename'. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Steps to reproduce
1.Go to the admin Dashboard
2.Click on User List and Click on +Create New
3.Any file can be uploaded, such as uploading php code
4.Access to uploaded files can be executed successfully |
|---|
| 원천 | ⚠️ https://github.com/ret2hh/bug_report/blob/main/UPLOAD.md |
|---|
| 사용자 | bit3hh (UID 42576) |
|---|
| 제출 | 2023. 03. 20. AM 10:38 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 03. 22. AM 11:03 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 223552 [SourceCodester Storage Unit Rental Management System 1.0 classes/Users.php?f=save 권한 상승] |
|---|
| 포인트들 | 20 |
|---|