| Title | Petrol pump management software sourcecodester 1.0 arbitrary file upload |
|---|
| Description |
A critical vulnerability was identified in the Petrol Pump Management Software offered by SOURCECODESTER, specifically within the /admin/app/product.php component. This vulnerability allows for unauthenticated arbitrary file upload, posing a severe security risk. Attackers can exploit this flaw by uploading malicious files, such as backdoors or web shells, enabling them to execute arbitrary code on the server. The issue is exacerbated by the lack of proper authentication checks and file validation mechanisms, as demonstrated in the provided HTTP request example where a PHP file named nochizplz.php containing a call to phpinfo() is uploaded. This vulnerability underscores the urgent need for implementing robust file upload validation and authentication measures to protect the integrity and security of web applications. |
|---|
| Source | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md |
|---|
| User | nochizplz (UID 64302) |
|---|
| Submission | 02/28/2024 07:47 (2 years ago) |
|---|
| Moderation | 03/01/2024 07:53 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 255373 [SourceCodester Petrol Pump Management Software 1.0 /admin/app/product.php photo unrestricted upload] |
|---|
| Points | 20 |
|---|