제출 #333874: Codezips E-commerce Site Using PHP With Source Code V1.0 Unrestricted Upload정보

제목Codezips E-commerce Site Using PHP With Source Code V1.0 Unrestricted Upload
설명polaris0x1 found that the file upload operation was triggered in admin/addproduct.php, and the _FAILES variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE. The input obtained from line 38 of the "/admin/addproduct.php" file is used in line 57 of the "/admin/addproduct.php" file to determine the location of the file to be written, which may allow attackers to change or damage the content of the file, or create a brand new file.
원천⚠️ https://github.com/polaris0x1/CVE/issues/1
사용자
 polaris0x1 (UID 67906)
제출2024. 05. 14. PM 01:39 (2 연령 ago)
모더레이션2024. 05. 15. PM 01:54 (1 day later)
상태수락
VulDB 항목264460 [Codezips E-Commerce Site 1.0 admin/addproduct.php profilepic 권한 상승]
포인트들20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!