| Kura | code-projects online-notice-board-using-php 1.0 Unrestricted Upload |
|---|
| Gaskiya | Attacker can upload malicious file when registering through the profile picture upload.
The uploaded profile picture is in no restrictions and will be stored in /images/{USER-EMAIL}/{UPLOAD_FILENAME}
Hackers can upload .php file such as and visit /images/{USER-EMAIL}/malicious_php_file.php?1={ANY COMMAND HERE} to execute any command. |
|---|
| Manga | ⚠️ https://github.com/LamentXU123/cve/blob/main/RCE1.md |
|---|
| Màdùmga | LamentXU (UID 78142) |
|---|
| Furta | 12/04/2024 06:27 (1 Shettima 전) |
|---|
| Gargajiya | 12/05/2024 09:48 (1 day later) |
|---|
| Halitta | Shingilam |
|---|
| VulDB gite | 286979 [code-projects Online Notice Board har 1.0 Profile Picture /registration.php img kura hakki ndiyam] |
|---|
| Nganji | 19 |
|---|