- Exploit Author: zerrr0
- An arbitrary file upload vulnerability in the select product image function of Garage Management System by mayuri_k allows attackers to execute arbitrary code via a malicious PHP file.
- Vulnerability file: /php_action/createProduct.php
- Goto: http://localhost/garage/login.php
- Login as admin using test credentials: mayuri.infospace@gmail.com/rootadmin
- Goto: http://localhost/garage/add-product.php
Add Product->Product Image
