| Field | Value |
|---|---|
| Title | Petrol Pump Management Software (SourceCodester) 1.0 arbitrary file upload |
| Description | A critical vulnerability was identified in the Petrol Pump Management Software offered by SourceCodester, in the /admin/app/product.php component. The endpoint accepts an arbitrary file upload without authentication. An attacker can upload a backdoor or web shell and execute arbitrary code on the server. The root cause is the absence of both an authentication check and any validation of the uploaded file (the `photo` field named in the VulDB entry): the HTTP request in the linked write-up uploads a PHP file named nochizplz.php containing a call to phpinfo(), which is enough to confirm server-side execution, and the same request carries a real web shell just as well. Fixing it requires authenticating the admin endpoint and validating uploads (extension allowlist, content check, and a server-chosen file name). |
| Source | https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md |
| User | nochizplz (UID 64302) |
| Submitted | 2024-02-28 07:47 AM (2 years ago) |
| Moderated | 2024-03-01 07:53 AM (2 days later) |
| Status | Accepted |
| VulDB entry | 255373 [SourceCodester Petrol Pump Management Software 1.0 /admin/app/product.php photo privilege escalation] |
| Points | 20 |
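The description names two missing controls on the product-photo endpoint: an authentication check and validation of the uploaded file. The block below is an added example, not code from the Petrol Pump Management Software or from the submitter's write-up, showing the hardened shape of such a handler. It is written in Python for a self-contained run; the real application is PHP, and the logic transfers directly. The `session` dict, `handle_upload`, and the sample uploads are assumptions constructed for illustration: only the file name nochizplz.php and the phpinfo() payload come from the description above.

```python
"""Hardened product-photo upload handler (added example, not the application's code)."""
import os
import re
import secrets

# Magic bytes for the image types an admin "product photo" field should accept.
IMAGE_MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# PHP open tags; a valid image never needs one, so any hit is treated as hostile.
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def is_admin(session):
    """Authentication check the vulnerable endpoint lacks.
    `session` is a hypothetical dict standing in for the server-side session."""
    return bool(session) and session.get("role") == "admin"


def validate_photo(filename, content):
    """Return (ok, reason). Checks the declared extension against an allowlist,
    the leading bytes against that type's magic, and scans for PHP open tags."""
    name = os.path.basename(filename or "")
    if "." not in name:
        return False, "no extension"
    ext = name.rsplit(".", 1)[1].lower()
    if ext not in IMAGE_MAGIC:
        return False, "extension not allowed: " + ext
    if not any(content.startswith(magic) for magic in IMAGE_MAGIC[ext]):
        return False, "content does not match declared type"
    if PHP_OPEN_TAG.search(content):
        return False, "php tag inside file"
    return True, "ok"


def storage_name(filename):
    """Server-chosen file name: random hex plus the validated extension.
    Discarding the client name removes double extensions and path traversal."""
    ext = os.path.basename(filename).rsplit(".", 1)[1].lower()
    return secrets.token_hex(16) + "." + ext


def handle_upload(session, filename, content):
    """Return an HTTP-style (status, detail) tuple; detail is the stored name on 200."""
    if not is_admin(session):
        return 401, "authentication required"
    ok, reason = validate_photo(filename, content)
    if not ok:
        return 400, reason
    return 200, storage_name(filename)


# Constructed sample uploads (not captured from the real application).
WEBSHELL = b"<?php phpinfo(); ?>"                        # the payload named in the description
POLYGLOT = b"\xff\xd8\xff\xe0" + WEBSHELL                # JPEG magic in front of PHP
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
ADMIN = {"role": "admin"}

if __name__ == "__main__":
    for who, fname, data in [
        (None, "nochizplz.php", WEBSHELL),       # unauthenticated: refused before any parsing
        (ADMIN, "nochizplz.php", WEBSHELL),      # extension not on the allowlist
        (ADMIN, "nochizplz.php.jpg", WEBSHELL),  # allowed extension, wrong magic
        (ADMIN, "photo.jpg", POLYGLOT),          # right magic, PHP inside
        (ADMIN, "../../photo.jpg", REAL_JPEG),   # accepted, stored under a random name
    ]:
        print(who and who["role"], fname, handle_upload(who, fname, data))
```

The order matters: the session check runs before the body is touched, the allowlist is on extensions rather than a denylist of `.php` variants, the magic check stops a renamed shell, the tag scan stops an image/PHP polyglot, and the client-supplied name never reaches the filesystem, so double extensions and `../` are moot. The upload directory should additionally be served with script execution disabled, which none of this code can enforce.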