| Название | SourceCodester Student Management System V1.0 Unrestricted Upload |
|---|
| Описание | The input obtained through doupdateimage in line 218 of the student\controller.php file is used by doupdateimage in line 237 of the student\controller.php file to determine the location of the file to be written, which may allow attackers to change or damage the content of the file, or create a brand new file
Schnee found that the file upload operation was triggered in /student/controller.php, and the _FAILE variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE. |
|---|
| Источник | ⚠️ https://github.com/I-Schnee-I/cev/blob/main/SourceCodester%20Student%20Management%20System%201.0%20controller.php%20Unrestricted%20Upload.md |
|---|
| Пользователь | Schnee (UID 68656) |
|---|
| Представление | 15.05.2024 20:31 (2 лет назад) |
|---|
| Модерация | 17.05.2024 07:55 (1 day later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 264744 [SourceCodester Student Management System 1.0 /student/controller.php photo эскалация привилегий] |
|---|
| Баллы | 20 |
|---|