Submeter #524936: projectworlds Online Time Table Generator 1.0 Unrestricted Uploadinformação

Títuloprojectworlds Online Time Table Generator 1.0 Unrestricted Upload
DescriçãoThe file upload functionality in "/student/updateprofile.php" lacks proper validation of user-supplied files. Attackers can upload malicious scripts (php) due to missing file type checks and extension filtering. The server executes these files in the web-accessible upload directory, leading to full system compromise.
Fonte⚠️ https://github.com/ydnd/cve/issues/13
Utilizador
 IEeee (UID 82690)
Submissão22/03/2025 03h39 (há 1 Ano)
Moderação31/03/2025 14h22 (9 days later)
EstadoAceite
Entrada VulDB302104 [Project Worlds Online Time Table Generator 1.0 updateprofile.php pic Elevação de Privilégios]
Pontos18

VoltarVisão GeralPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!