Отправить #524936: projectworlds Online Time Table Generator 1.0 Unrestricted UploadИнформация

Названиеprojectworlds Online Time Table Generator 1.0 Unrestricted Upload
ОписаниеThe file upload functionality in "/student/updateprofile.php" lacks proper validation of user-supplied files. Attackers can upload malicious scripts (php) due to missing file type checks and extension filtering. The server executes these files in the web-accessible upload directory, leading to full system compromise.
Источник⚠️ https://github.com/ydnd/cve/issues/13
Пользователь
 IEeee (UID 82690)
Представление22.03.2025 03:39 (1 Год назад)
Модерация31.03.2025 14:22 (9 days later)
Статуспринято
Запись VulDB302104 [Project Worlds Online Time Table Generator 1.0 updateprofile.php pic эскалация привилегий]
Баллы18

ПредыдущийОбзорДалее

Do you want to use VulDB in your project?

Use the official API to access entries easily!