| Title | sourcecodester Petrol pump management software 1.0 arbitrary file upload |
|---|---|
| Description | The SOURCECODESTER Petrol Pump Management Software is found to have an unauthenticated arbitrary file upload vulnerability within its /admin/app/service_crud.php component. This critical flaw allows attackers to upload malicious PHP files, such as those containing a phpinfo() call, without any authentication. By exploiting this vulnerability, attackers can gain insights into the server's PHP environment, potentially leading to further exploitation avenues. The vulnerability stems from inadequate file validation and authentication checks, highlighting the urgent need for secure coding practices, including the implementation of file type restrictions and authentication mechanisms to prevent unauthorized file uploads. |
| Source | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/service_crud.php%20Unauthenticated%20Arbitrary%20File%20Upload.md |
| User | nochizplz (UID 64302) |
| Submission | 2024-02-28 09:38 AM (2 years ago) |
| Moderation | 2024-03-01 07:53 AM (2 days later) |
| Status | Accepted |
| VulDB Entry | 255374 [SourceCodester Petrol Pump Management Software 1.0 service_crud.php photo privilege escalation] |
| Points | 20 |