| Title | code-projects CONTENT MANAGEMENT SYSTEM, News-Buzz 1.0 Unrestricted Upload |
|---|---|
| Description | /admin/publishnews.php verifies the file type using only the Content-Type header, which is set client-side. This allows an authenticated attacker to upload a PHP webshell disguised as an image file to gain remote code execution. |
| Source | https://gist.github.com/Lytes/266e5fa6eb4506fe2c7e35166664249a |
| User | Anonymous User |
| Submission | 01/07/2025 20:25 (1 Year ago) |
| Moderation | 01/08/2025 21:37 (1 day later) |
| Status | Accepted |
| VulDB entry | 290859 [code-projects Content Management System 1.0 Publish News Page /admin/publishnews.php image unrestricted upload] |
| Points | 16 |