| tiêu đề | keerti1924 Online-Book-Store-Website 1.0 1.0 Arbitrary File Upload |
|---|
| Mô tả | The 'product_update.php' script in keerti1924's Online-Book-Store-Website is vulnerable to Arbitrary File Upload, posing a severe security risk. An authenticated admin user can exploit this flaw to upload malicious files, potentially leading to remote code execution or other security breaches. By uploading a crafted PHP file, attackers can execute arbitrary code on the server, compromising the system's integrity. Remediation involves implementing strict input validation and file upload restrictions, allowing only authorized file types and enforcing proper file permissions. Additionally, implementing file upload scanning and validation mechanisms can help detect and prevent the upload of malicious files. |
|---|
| Nguồn | ⚠️ https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/File%20Upload/Arbitrary%20FIle%20Upload%20in%20product_update.php%20.md |
|---|
| Người dùng | nochizplz (UID 64302) |
|---|
| Đệ trình | 25/02/2024 16:41 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 07/03/2024 15:35 (11 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 256038 [keerti1924 Online-Book-Store-Website 1.0 product_update.php?update=1 update_image nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|