| Название | code-projects Document Management System 1.0 Improper Input Validation |
|---|
| Описание | A Path Traversal vulnerability (CWE-22) was discovered in the dell.php file of code-projects Document Management System 1.0.
The vulnerability exists because the application, when performing a file deletion operation, directly passes the which parameter from a GET request to the unlink() function without adequately validating or sanitizing the user-supplied path to confine it to the intended directory.
This allows a remote attacker to use path traversal sequences (e.g., ../) to construct a path to an arbitrary file on the server and delete it, provided the web server process has the necessary write permissions. Successful exploitation of this vulnerability could lead to the deletion of critical application files, configuration files, or system files, resulting in a Denial of Service (DoS) or more severe system damage. |
|---|
| Источник | ⚠️ https://github.com/i-Corner/cve/issues/14 |
|---|
| Пользователь | iC0rner (UID 82839) |
|---|
| Представление | 30.07.2025 09:22 (11 месяцы назад) |
|---|
| Модерация | 31.07.2025 20:49 (1 day later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 318461 [code-projects Document Management System 1.0 /dell.php unlink ИД обход каталога] |
|---|
| Баллы | 20 |
|---|