| Title | LearnHouse learnhouse 98dfad76aad70711a8113f6c1fdabfccf10509ca Unrestricted Upload |
|---|---|
| Description | LearnHouse contains multiple vulnerabilities related to its file upload functionality. First, improper sanitization of SVG files allows for a Stored Cross-Site Scripting (XSS) attack, enabling attackers to execute arbitrary JavaScript in the browsers of users viewing the malicious image. Second, the application fails to properly validate file types on the server-side, allowing for the upload of dangerous files such as Python scripts (.py). This could lead to Remote Code Execution (RCE), giving an attacker control over the server. Both vulnerabilities affect all versions up to commit 98dfad7. |
| Source | ⚠️ https://gist.github.com/KhanMarshaI/c06263648d8a807108801e1a4daf0ab9 |
| User | KhanMarshal (UID 89610) |
| Submission | 2025-10-13 11:57 AM (6 months ago) |
| Moderation | 2025-10-26 05:01 PM (13 days later) |
| Status | Accepted |
| VulDB entry | 329941 [LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca Account Setting Page previews cross-site scripting] |
| Points | 20 |