| Название | Petrol pump management software sourcecodester 1.0 arbitrary file upload |
|---|
| Описание |
A critical vulnerability was identified in the Petrol Pump Management Software offered by SOURCECODESTER, specifically within the /admin/app/product.php component. This vulnerability allows for unauthenticated arbitrary file upload, posing a severe security risk. Attackers can exploit this flaw by uploading malicious files, such as backdoors or web shells, enabling them to execute arbitrary code on the server. The issue is exacerbated by the lack of proper authentication checks and file validation mechanisms, as demonstrated in the provided HTTP request example where a PHP file named nochizplz.php containing a call to phpinfo() is uploaded. This vulnerability underscores the urgent need for implementing robust file upload validation and authentication measures to protect the integrity and security of web applications. |
|---|
| Источник | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md |
|---|
| Пользователь | nochizplz (UID 64302) |
|---|
| Представление | 28.02.2024 07:47 (2 лет назад) |
|---|
| Модерация | 01.03.2024 07:53 (2 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 255373 [SourceCodester Petrol Pump Management Software 1.0 /admin/app/product.php photo эскалация привилегий] |
|---|
| Баллы | 20 |
|---|