| Название | code-projects online-notice-board-using-php 1.0 Unrestricted Upload |
|---|
| Описание | Attacker can upload malicious file when registering through the profile picture upload.
The uploaded profile picture is in no restrictions and will be stored in /images/{USER-EMAIL}/{UPLOAD_FILENAME}
Hackers can upload .php file such as and visit /images/{USER-EMAIL}/malicious_php_file.php?1={ANY COMMAND HERE} to execute any command. |
|---|
| Источник | ⚠️ https://github.com/LamentXU123/cve/blob/main/RCE1.md |
|---|
| Пользователь | LamentXU (UID 78142) |
|---|
| Представление | 04.12.2024 06:27 (2 лет назад) |
|---|
| Модерация | 05.12.2024 09:48 (1 day later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 286979 [code-projects Online Notice Board до 1.0 Profile Picture /registration.php img эскалация привилегий] |
|---|
| Баллы | 19 |
|---|