| Title | SourceCodester Open Source Clinic Management System in PHP with Full Source Code V1.0 Unrestricted Upload |
|---|---|
| Description | Cece Chen from Wuhan University found that the file upload operation was triggered in /source code/setting.php, and the `$_FILES` variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE. The input obtained from line 23 of the "clinic full source code with database-0/source code/setting.php" file is used in line 26 of the "clinic full source code with database-0/source code/setting.php" file to determine the location of the file to be written, which may allow attackers to change or damage the content of the file, or create a brand new file. |
| Source | https://github.com/CveSecLook/cve/issues/26 |
| User | Cece Chen from Wuhan University (UID 68577) |
| Submission | 05/10/2024 17:42 (2 years ago) |
| Moderation | 05/12/2024 07:39 (2 days later) |
| Status | Accepted |
| VulDB entry | 263929 [SourceCodester Open Source Clinic Management System 1.0 setting.php logo unrestricted upload] |
| Points | 20 |