| Title | SourceCodester Online student management system in php free download v1.0 Unrestricted Upload |
|---|
| Description | The input obtained through PHP on line 23 of the \student \add students.php file is used by PHP on line 41 of the \student \add students.hp file to determine the location of the file to be written, which may allow attackers to modify or damage the content of the file, or create a brand new file.
aaajun found that the file upload operation was triggered in add-students.php, and the _FAILE variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE. |
|---|
| Source | ⚠️ https://github.com/aaajuna/demo/issues/1 |
|---|
| User | aaajun (UID 70738) |
|---|
| Submission | 07/15/2024 08:10 (2 years ago) |
|---|
| Moderation | 07/16/2024 21:15 (2 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 271703 [SourceCodester Online Student Management System 1.0 /add-students.php image unrestricted upload] |
|---|
| Points | 20 |
|---|