| 제목 | Code-Projects 学生文件管理系统 V1.0 任意文件上传 |
|---|
| 설명 | An arbitrary file upload vulnerability was discovered in the "/student_profile.php" file of the "Student Profile Management System PHP". The cause of this issue is that after logging in with valid credentials, attackers can upload any file. The application failed to properly sanitize or validate during the upload verification process. This enables attackers to upload malicious files (such as WebShells), potentially leading to server compromise. |
|---|
| 원천 | ⚠️ https://github.com/Bai-public/CVE/issues/3 |
|---|
| 사용자 | Mountain Ghost (UID 92943) |
|---|
| 제출 | 2025. 12. 21. AM 08:41 (4 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 23. PM 03:23 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 337857 [code-projects Student File Management System 1.0 /save_file.php 파일 권한 상승] |
|---|
| 포인트들 | 20 |
|---|