提交 #618946: code-projects Church Donation System V1.0 Unrestricted Upload信息

标题code-projects Church Donation System V1.0 Unrestricted Upload
描述During the security assessment of "Church Donation System", I detected a critical unrestricted file upload vulnerability in the "/members/admin_pic.php" file. This vulnerability is attributed to the insufficient validation of uploaded files. Attackers can upload arbitrary files by bypassing file extension checks, MIME type validation, or content inspection. This enables them to execute unauthorized code on the server, posing a significant threat. Immediate corrective measures are required to safeguard system security and protect business data.
来源⚠️ https://github.com/n0name-yang/myCVE/issues/16
用户
 n0name (UID 82970)
提交2025-07-19 13時03分 (12 月前)
管理2025-07-21 08時30分 (2 days later)
状态已接受
VulDB条目317060 [code-projects Church Donation System 1.0 /members/admin_pic.php image 权限提升]
积分20

Want to know what is going to be exploited?

We predict KEV entries!