You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
FanYZ has discovered a vulnerability classified as critical in Simple File Manager Web App using PHP and MySQL Database Free Source Code. The function upload is affected. This operation will result in unrestricted uploads. Remote attacks can cause RCE.
Vulnerability Details
Simple File Manager Web App using PHP and MySQL Database Free Source Code V1.0
Vulnerable File: index.php
Parameter Names: filename
Attack Type: Remote
Description
FanYZ has discovered a vulnerability classified as critical in Simple File Manager Web App using PHP and MySQL Database Free Source Code. This issue affects the function upload. The manipulation with an unknown input leads to a unrestricted upload vulnerability.
Note
No need to log in to the website, no interaction required to RCE!
Simple File Manager Web App using PHP and MySQL Database Free Source Code - Arbitrary file vulnerability uploading leads to command execution
Vendor Homepage
Software Link
Overview
Vulnerability Details
Description
Note
Proof of Concept (PoC) :
0x01
0x02
The text was updated successfully, but these errors were encountered: