| Title | SourceCodester Pet grooming management software 1.0 Unrestricted Upload |
|---|---|
| Description | This vulnerability exists in the avatar upload function of profile.php. Due to the lack of effective validation and filtering of user-uploaded files, attackers can upload malicious script files (such as .php backdoors). The system directly saves files using the original filenames provided by users to a web-accessible directory, enabling attackers to access and execute the uploaded malicious scripts via URL. This could lead to gaining control of the server, stealing sensitive data, or launching further attacks. |
| Source | ⚠️ https://github.com/chen2496088236/CVE/issues/8 |
| User | 111ctx (UID 89466) |
| Submission | 08/30/2025 15:46 (10 months ago) |
| Moderation | 09/07/2025 20:33 (8 days later) |
| Status | Accepted |
| VulDB entry | 323039 [SourceCodester Pet Grooming Management Software 1.0 /admin/profile.php unrestricted upload] |
| Points | 20 |