| 제목 | code-projects Document Management System 1.0 Improper Input Validation |
|---|
| 설명 | A Path Traversal vulnerability (CWE-22) was discovered in the dell.php file of code-projects Document Management System 1.0.
The vulnerability exists because the application, when performing a file deletion operation, directly passes the which parameter from a GET request to the unlink() function without adequately validating or sanitizing the user-supplied path to confine it to the intended directory.
This allows a remote attacker to use path traversal sequences (e.g., ../) to construct a path to an arbitrary file on the server and delete it, provided the web server process has the necessary write permissions. Successful exploitation of this vulnerability could lead to the deletion of critical application files, configuration files, or system files, resulting in a Denial of Service (DoS) or more severe system damage. |
|---|
| 원천 | ⚠️ https://github.com/i-Corner/cve/issues/14 |
|---|
| 사용자 | iC0rner (UID 82839) |
|---|
| 제출 | 2025. 07. 30. AM 09:22 (11 개월 ago) |
|---|
| 모더레이션 | 2025. 07. 31. PM 08:49 (1 day later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 318461 [code-projects Document Management System 1.0 /dell.php unlink 아이디 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|