You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The input obtained through PHP in line 375 of the \ improve \ home.php file is used by PHP in line 375 to determine the location of the file to be written, which may allow attackers to modify or damage the content of the file, or create a brand new file.
Impact
Attackers can exploit this vulnerability for unrestricted uploads, and remote attacks may result in RCE.
DESCRIPTION
zebra11 found that the file upload operation was triggered in /improve/home.php, and the _FAILE variable was used to receive the payload. After receiving the attack vector from a remote attacker, it will result in unrestricted uploads, and remote attacks may lead to RCE.
Vulnerability details and POC
Payload
This attack payload can be used without the need for login.
SourceCodester SchoolWebTech 1.0 /improve/home.php Unrestricted Upload
NAME OF AFFECTED PRODUCT(S)
Vendor Homepage
AFFECTED AND/OR FIXED VERSION(S)
submitter
Vulnerable File
VERSION(S)
Software Link
PROBLEM TYPE
Vulnerability Type
Root Cause
Impact
DESCRIPTION
Vulnerability details and POC
Payload
The text was updated successfully, but these errors were encountered: