| 제목 | PHPGurukul ONHS Project PHP V1.0 SQL Injection |
|---|
| 설명 | During a security review of "ONHS Project PHP", 0x0A1lha discovered a critical arbitrary file deletion vulnerability in the /admin/manage-nurse.php file. This vulnerability is caused by insufficient validation of the user's input of the 'profilepic' parameter, which allows the attacker to construct payload to traverse the directory and delete any file. For example: /manage-nurse.php?action=delete&bsid=1&profilepic=.. /.. /.. /.. Therefore, an attacker can delete arbitrary files on the server, including system files, web files, etc. Checksums need to be added to enhance the verification. |
|---|
| 원천 | ⚠️ https://github.com/wqywfvc/CVE/issues/16 |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2025. 02. 22. PM 01:20 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 02. 22. PM 04:58 (4 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 296572 [PHPGurukul Online Nurse Hiring System 1.0 /admin/manage-nurse.php profilepic] |
|---|
| 포인트들 | 20 |
|---|