Submit #283562: CodeAstro Membership Management System 1.0 Unrestricted Upload

Title: CodeAstro Membership Management System 1.0 Unrestricted Upload
Description:

The CodeAstro Membership Management System 1.0 is vulnerable to Remote Code Execution due to unrestricted file upload on the Member Photo feature.

Steps to Reproduce:

1) Log in to the Membership Management System UI.
2) Navigate to the Add Members tab.
3) Fill in the given details, upload a malicious PHP file under the "Member Photo" upload feature and click Submit.
4) Navigate to the dashboard, right-click the uploaded user's photo and click "Open Image in New Tab".
5) The uploaded PHP file is executed: http://127.0.0.1/membershipm/uploads/member_photos/<uniquefilename>.php

Impact: An attacker can run arbitrary code on the target system.

Product Link: https://codeastro.com/membership-management-system-in-php-with-source-code/
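As an added example (not code from the CodeAstro project or from the submitter), the following PHP handler shows how a member-photo upload can be validated so that a file like the one described above is never stored as executable PHP: the type is decided from file content, the client-supplied name is discarded, and the stored name gets a fixed image extension. The form field name, upload directory and size limit are assumptions.

```php
<?php
// Added example, not the CodeAstro project's code. The field name
// 'member_photo', UPLOAD_DIR and MAX_BYTES are assumptions.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads/member_photos/';
const MAX_BYTES  = 2 * 1024 * 1024;
// Allowed content type => extension the file is stored under.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function storeMemberPhoto(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid upload');
    }
    // Decide the type from the bytes on disk, never from $file['name']
    // or $file['type'], both of which the client controls.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an image');
    }
    // Server-generated name with a harmless extension: an original name
    // such as "photo.php" never reaches the uploads directory.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644); // readable, not executable
    return $name;
}

// Usage from the Add Members form handler (field name assumed).
if (isset($_FILES['member_photo'])) {
    echo htmlspecialchars(storeMemberPhoto($_FILES['member_photo']));
}
```

Pair this with a web-server rule that refuses to execute scripts under the uploads directory, so that a validation bypass still cannot lead to code execution.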
Source: https://drive.google.com/file/d/12sNvBJ7wYjZ-2NBLdyG4e-L8sOO-zrbK/view?usp=sharing
User: sickuritywizard (UID 63855)
Submission: 16/02/2024 18:01 (2 years ago)
Moderation: 23/02/2024 09:08 (7 days later)
Status: Accepted
VulDB Entry: 254607 [CodeAstro Membership Management System 1.0 Add Members Tab Member Photo Privilege Escalation]
Points: 20
