| Название | Great Developers Certificate Generator System 1.0 Improper Neutralization of Special Elements |
|---|
| Описание | A Remote Code Execution vulnerability (CWE-78) exists in the archive upload functionality. The application directly passes user-controlled input ($file) into OS command execution functions (exec()) without sanitization or escaping. This allows attackers to inject arbitrary shell commands by crafting a malicious filename. Additionally, extracted archive contents are not validated, enabling Zip Slip and file overwrite attacks. |
|---|
| Источник | ⚠️ https://github.com/lakshayyverma/CVE-Discovery/blob/main/Certificate2.md |
|---|
| Пользователь | lakshay12311 (UID 91298) |
|---|
| Представление | 31.01.2026 11:26 (3 месяцы назад) |
|---|
| Модерация | 07.02.2026 16:27 (7 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 344887 [Great Developers Certificate Generation System до 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73 /restructured/csv.php photo эскалация привилегий] |
|---|
| Баллы | 20 |
|---|