Submit #42902: Arbitrary file upload exists in Alphaware e-Commerce systeminfo

TitleArbitrary file upload exists in Alphaware e-Commerce system
DescriptionAny file upload Enter the background management page admin_feature.php add a product You need to add files here, you can upload any file Upload a malicious php file <?php @eval($_REQUEST[c]);?> The file is uploaded successfully, check the product image to find the php file path Access the php file and execute the phpinfo command Please see github for details https://github.com/895515845/Alphaware-E-Commerce-System/blob/main/Alphaware_file.md
User
 Anonymous User
Submission08/05/2022 18:35 (4 years ago)
Moderation08/05/2022 20:45 (2 hours later)
StatusAccepted
VulDB entry205666 [SourceCodester Alphaware Simple E-Commerce System Background Management Page admin_feature.php unrestricted upload]
Points17

Do you know our Splunk app?

Download it now for free!