Submeter #103560: Storage Unit Rental Management System v1.0 /storage/classes/Users.php?f=save post form-data parameter filename exists arbitrary file uploadinformação

TítuloStorage Unit Rental Management System v1.0 /storage/classes/Users.php?f=save post form-data parameter filename exists arbitrary file upload
DescriçãoStorage Unit Rental Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /storage/classes/Users.php?f=save post form-data parameter 'filename'. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Steps to reproduce 1.Go to the admin Dashboard 2.Click on User List and Click on +Create New 3.Any file can be uploaded, such as uploading php code 4.Access to uploaded files can be executed successfully
Fonte⚠️ https://github.com/ret2hh/bug_report/blob/main/UPLOAD.md
Utilizador
 bit3hh (UID 42576)
Submissão20/03/2023 10h38 (há 3 anos)
Moderação22/03/2023 11h03 (2 days later)
EstadoAceite
Entrada VulDB223552 [SourceCodester Storage Unit Rental Management System 1.0 classes/Users.php?f=save Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Do you know our Splunk app?

Download it now for free!