| Title | SourceCodester Petrol Pump Management Software 1.0 arbitrary file upload |
|---|---|
| Description | The SOURCECODESTER Petrol Pump Management Software is found to have an unauthenticated arbitrary file upload vulnerability within its /admin/app/service_crud.php component. This critical flaw allows attackers to upload malicious PHP files, such as those containing a phpinfo() call, without any authentication. By exploiting this vulnerability, attackers can gain insights into the server's PHP environment, potentially leading to further exploitation avenues. The vulnerability stems from inadequate file validation and authentication checks, highlighting the urgent need for secure coding practices, including the implementation of file type restrictions and authentication mechanisms to prevent unauthorized file uploads. |
| Source | https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/service_crud.php%20Unauthenticated%20Arbitrary%20File%20Upload.md |
| User | nochizplz (UID 64302) |
| Submitted | 28/02/2024 09:38 (2 years ago) |
| Moderated | 01/03/2024 07:53 (2 days later) |
| Status | Accepted |
| VulDB entry | 255374 [SourceCodester Petrol Pump Management Software 1.0 service_crud.php photo privilege escalation] |
| Points | 20 |