| tiêu đề | SourceCodester Online Book Store System 1.0 Remote Code Execution |
|---|
| Mô tả | A critical authenticated Remote Code Execution vulnerability exists in SourceCodester Online Book Store System 1.0.
The Book Management functionality allows authenticated administrators to upload arbitrary files without proper validation of file extension, MIME type, or executable content.
An attacker can upload a malicious PHP web shell through the book image upload feature. The uploaded file is stored inside a web-accessible directory and executed by the PHP interpreter when accessed through the browser.
Successful exploitation allows arbitrary operating system command execution with the privileges of the web server process, leading to complete compromise of the application and potentially the underlying server.
CWE: CWE-434
CVSS v3.1: 9.1 (Critical) |
|---|
| Nguồn | ⚠️ https://medium.com/@hemantrajbhati5555/critical-authenticated-remote-code-execution-rce-via-unrestricted-file-upload-5a4a313ea1f1 |
|---|
| Người dùng | Hemant Raj Bhati (UID 95613) |
|---|
| Đệ trình | 10/06/2026 13:57 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 12/07/2026 20:04 (1 month later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 377889 [SourceCodester Online Book Store System 1.0 Book Image Upload Feature index.php?page=books nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|