| Title | SourceCodester Home Clean Service System in PHP Free Source Code V1.0 Unrestricted Upload |
|---|
| Description | Fengxiangdi found that the file upload operation was triggered in student.add.php, and the _FAILE variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE.
The input obtained from line 8 of the \admin\student.add.php file is used to determine the location of the file to be written, which may allow attackers to modify or damage the content of the file, or create a brand new file. |
|---|
| Source | ⚠️ https://github.com/xuanluansec/vul/issues/5 |
|---|
| User | fengxiangdi (UID 67634) |
|---|
| Submission | 04/17/2024 19:19 (2 years ago) |
|---|
| Moderation | 04/18/2024 07:56 (13 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 261440 [SourceCodester Home Clean Service System 1.0 Photo \admin\student.add.php unrestricted upload] |
|---|
| Points | 20 |
|---|