| tiêu đề | SourceCodester SchoolWebTech V1.0 Unrestricted Upload |
|---|
| Mô tả | The input obtained through PHP in line 375 of the \ improve \ home.php file is used by PHP in line 375 to determine the location of the file to be written, which may allow attackers to modify or damage the content of the file, or create a brand new file.
zebra11 found that the file upload operation was triggered in /improve/home.php, and the _FAILE variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE. |
|---|
| Nguồn | ⚠️ https://github.com/CveSecLook/cve/issues/30 |
|---|
| Người dùng | zebra11 (UID 68838) |
|---|
| Đệ trình | 14/05/2024 17:51 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 15/05/2024 21:19 (1 day later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 264534 [SourceCodester SchoolWebTech 1.0 /improve/home.php image nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|