| tiêu đề | Campcodes Payroll Management System v1.0 Improper Control of Filename for Include/Require Statement in PH |
|---|
| Mô tả | A file inclusion vulnerability was discovered in the '/index.php' file of the Payroll Management System project. The root cause is that the application directly uses the user-controllable parameter "page" to construct file paths and passes them to the include() file inclusion function. There is no strict validation, filtering, or whitelisting of the input content for this parameter, nor is there any control over the scope of included files. |
|---|
| Nguồn | ⚠️ https://github.com/chenjunjie3/cve/issues/6 |
|---|
| Người dùng | chenjunjie (UID 88914) |
|---|
| Đệ trình | 15/08/2025 14:45 (cách đây 10 các tháng) |
|---|
| Kiểm duyệt | 27/08/2025 08:02 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 321548 [Campcodes Payroll Management System 1.0 /index.php include page nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|