| Title | ajayrandhawa/User-Management-PHP-MYSQL web 1 File Upload Vulnerability |
|---|---|
| Description | This project has two file upload vulnerabilities. After downloading the project to your local machine and setting it up successfully, log in to the administrator account using the initial username and password. You can upload files in the user management interface. The front-end JavaScript validation only checks the file extension, and is limited to JPG/JPEG formats. However, the server side does not perform adequate validation, nor does it verify the file type or content. Additionally, the file is not renamed to a random name. Therefore, this file upload vulnerability exists. |
| Source | ⚠️ https://github.com/Lianhaorui/Report/blob/main/FileUpload.docx |
| User | lianhaorui (UID 91045) |
| Submission | 2025-10-11 05:54 AM (8 months ago) |
| Moderation | 2025-10-25 08:25 AM (14 days later) |
| Status | Accepted |
| VulDB entry | 329871 [ajayrandhawa User-Management-PHP-MYSQL up to fedcf58797bf2791591606f7b61fdad99ad8bff1 User Management Interface /admin/edit-user.php image privilege escalation] |
| Points | 20 |