| 제목 | code-projects Online Lot Reservation System 1.0 File Disclosure / LFI |
|---|
| 설명 | An arbitrary file reading vulnerability was found in the download.php file. The vulnerability stems from the fact that the file parameter input by the user is not filtered or validated and is directly passed to the readfile() function. Attackers can read any file on the server through path traversal or absolute paths, including system configurations, sensitive data, and files of other applications. |
|---|
| 원천 | ⚠️ https://github.com/zzk6th/cve/issues/2 |
|---|
| 사용자 | z0ng (UID 96775) |
|---|
| 제출 | 2026. 04. 09. PM 01:55 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 04. 26. PM 09:21 (17 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359731 [code-projects Online Lot Reservation System 까지 1.0 /download.php readfile 파일 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|