| Title | Storage Unit Rental Management System v1.0 /storage/classes/Users.php?f=save post form-data parameter filename exists arbitrary file upload |
|---|
| Description | Storage Unit Rental Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /storage/classes/Users.php?f=save post form-data parameter 'filename'. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
Steps to reproduce
1.Go to the admin Dashboard
2.Click on User List and Click on +Create New
3.Any file can be uploaded, such as uploading php code
4.Access to uploaded files can be executed successfully |
|---|
| Source | ⚠️ https://github.com/ret2hh/bug_report/blob/main/UPLOAD.md |
|---|
| User | bit3hh (UID 42576) |
|---|
| Submission | 03/20/2023 10:38 (3 years ago) |
|---|
| Moderation | 03/22/2023 11:03 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 223552 [SourceCodester Storage Unit Rental Management System 1.0 classes/Users.php?f=save unrestricted upload] |
|---|
| Points | 20 |
|---|