| Title | Unrestricted File Upload in Pharmacy Management System 1.0 |
|---|---|
| Description | An attacker authenticated with any type of account (Administrator, Manager, Pharmacist, Salesperson) could exploit the vulnerability, potentially achieving remote code execution in the application and causing damage.<br>PoC in my blog post: https://blog.0xgabe.com/?p=71<br>Other information about file upload vulnerability:<br>https://portswigger.net/web-security/file-upload<br>https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload |
| Source | ⚠️ https://code-projects.org/pharmacy-management-system-in-php-with-source-code/ |
| User | Anonymous User |
| Submission | 02/19/2023 06:02 (3 years ago) |
| Moderation | 02/19/2023 09:19 (3 hours later) |
| Status | Accepted |
| VulDB entry | 221494 [codeprojects Pharmacy Management System 1.0 Avatar Image add.php unrestricted upload] |
| Points | 20 |