| 제목 | SourceCodester Pet grooming management software 1.0 Unrestricted Upload |
|---|
| 설명 | The file upload functionality in manage_website.php contains severe security vulnerabilities. It relies solely on frontend filtering for file type verification and completely lacks server-side validation of the file's actual type. For example, it does not use functions like getimagesize() to verify whether the uploaded file is a genuine image. This allows attackers to easily bypass frontend restrictions and upload malicious files. More critically, these files are directly saved to the accessible directory of the web server(/petgrooming_erp/pet_grooming/assets/uploadImage/Logo)—while retaining their original filenames. This means that if an attacker uploads a file with an executable extension (such as .php), the server may parse and execute it. This could enable the attacker to gain control of the server, thereby causing serious security breaches. |
|---|
| 원천 | ⚠️ https://github.com/chen2496088236/CVE/issues/9 |
|---|
| 사용자 | 111ctx (UID 89466) |
|---|
| 제출 | 2025. 08. 30. PM 04:26 (10 개월 ago) |
|---|
| 모더레이션 | 2025. 09. 07. PM 08:39 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 323041 [SourceCodester Pet Grooming Management Software 1.0 manage_website.php 권한 상승] |
|---|
| 포인트들 | 20 |
|---|