| Title | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 Arbitrary File Upload |
|---|---|
| Description | The Online College Event Hall Reservation System is vulnerable to an Arbitrary File Upload issue within its `/admin/update-rooms.php` script. Attackers can exploit this by uploading files with arbitrary content, such as a PHP script, under the guise of an image file update for a room. The lack of adequate validation on the uploaded file's type and content allows for the execution of server-side scripts, posing a significant security risk. This vulnerability highlights the importance of implementing strict file validation checks, including verifying MIME types and file extensions, to prevent the uploading and execution of potentially malicious files. |
| Source | https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20update-rooms.php.md |
| User | nochizplz (UID 64302) |
| Submission | 2024-03-08 05:53 AM (2 years ago) |
| Moderation | 2024-03-15 05:29 PM (7 days later) |
| Status | Accepted |
| VulDB Entry | 256968 [MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/update-rooms.php privilege escalation] |
| Points | 20 |