| Título | code-projects Document Management System 1.0 Improper Input Validation |
|---|
| Descrição | A Path Traversal vulnerability (CWE-22) was discovered in the dell.php file of code-projects Document Management System 1.0.
The vulnerability exists because the application, when performing a file deletion operation, directly passes the which parameter from a GET request to the unlink() function without adequately validating or sanitizing the user-supplied path to confine it to the intended directory.
This allows a remote attacker to use path traversal sequences (e.g., ../) to construct a path to an arbitrary file on the server and delete it, provided the web server process has the necessary write permissions. Successful exploitation of this vulnerability could lead to the deletion of critical application files, configuration files, or system files, resulting in a Denial of Service (DoS) or more severe system damage. |
|---|
| Fonte | ⚠️ https://github.com/i-Corner/cve/issues/14 |
|---|
| Utilizador | iC0rner (UID 82839) |
|---|
| Submissão | 30/07/2025 09h22 (há 11 meses) |
|---|
| Moderação | 31/07/2025 20h49 (1 day later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 318461 [code-projects Document Management System 1.0 /dell.php unlink ID Travessia de Diretório] |
|---|
| Pontos | 20 |
|---|