Описание
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitVendor Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:online_course_registration_project:online_course_registration:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02309
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434
Связанные уязвимости
github
больше 3 лет назад
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.
EPSS
Процентиль: 84%
0.02309
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-434