Garage Management System By mayuri_k - Arbitrary File Upload Vulnerability
- Exploit Author: zerrr0
Vendor Homepage
Description
- An arbitrary file upload vulnerability in the select product image function of Garage Management System by mayuri_k allows attackers to execute arbitrary code via a malicious PHP file.
- Vulnerability file: /php_action/createProduct.php
Proof of Concept (PoC) :
- Goto: http://localhost/garage/login.php
- Login as admin using test credentials: mayuri.infospace@gmail.com/rootadmin
- Goto: http://localhost/garage/add-product.php
Add Product->Product Image
