| tiêu đề | projectworlds Online Tours and Travels Project V1.0 Incomplete Identification of Uploaded File Variables |
|---|
| Mô tả | During the security assessment of "Online Tours and Travels Project", I detected a critical file upload vulnerability in the "admin/change-image.php" file. This vulnerability is attributed to the insufficient validation of user-supplied files for the "submit" parameter. This inadequacy enables attackers to upload malicious files without proper restrictions. Consequently, attackers can achieve remote code execution, modify or delete files, and gain control over the system. Immediate corrective actions are essential to safeguard system security and uphold data integrity. |
|---|
| Nguồn | ⚠️ https://github.com/Landjun/CVE/issues/1 |
|---|
| Người dùng | guanguanlaoshi (UID 90954) |
|---|
| Đệ trình | 25/09/2025 08:14 (cách đây 7 các tháng) |
|---|
| Kiểm duyệt | 27/09/2025 19:16 (2 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 326184 [Projectworlds Online Tours and Travels 1.0 /admin/change-image.php packageimage nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|