| Title | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 Arbitrary File Upload |
|---|
| Description | The Online College Event Hall Reservation System is vulnerable to an Arbitrary File Upload issue within its `/admin/update-rooms.php` script. Attackers can exploit this by uploading files with arbitrary content, such as a PHP script, under the guise of an image file update for a room. The lack of adequate validation on the uploaded file's type and content allows for the execution of server-side scripts, posing a significant security risk. This vulnerability highlights the importance of implementing strict file validation checks, including verifying mime types and file extensions, to prevent the uploading and execution of potentially malicious files. |
|---|
| Source | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20update-rooms.php.md |
|---|
| User | nochizplz (UID 64302) |
|---|
| Submission | 03/08/2024 05:53 (2 years ago) |
|---|
| Moderation | 03/15/2024 17:29 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 256968 [MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/update-rooms.php unrestricted upload] |
|---|
| Points | 20 |
|---|