| Título | Petrol pump management software sourcecodester 1.0 arbitrary file upload |
|---|
| Descrição |
A critical vulnerability was identified in the Petrol Pump Management Software offered by SOURCECODESTER, specifically within the /admin/app/product.php component. This vulnerability allows for unauthenticated arbitrary file upload, posing a severe security risk. Attackers can exploit this flaw by uploading malicious files, such as backdoors or web shells, enabling them to execute arbitrary code on the server. The issue is exacerbated by the lack of proper authentication checks and file validation mechanisms, as demonstrated in the provided HTTP request example where a PHP file named nochizplz.php containing a call to phpinfo() is uploaded. This vulnerability underscores the urgent need for implementing robust file upload validation and authentication measures to protect the integrity and security of web applications. |
|---|
| Fonte | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md |
|---|
| Utilizador | nochizplz (UID 64302) |
|---|
| Submissão | 28/02/2024 07h47 (há 2 anos) |
|---|
| Moderação | 01/03/2024 07h53 (2 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 255373 [SourceCodester Petrol Pump Management Software 1.0 /admin/app/product.php photo Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|