2 matches found
CVE-2020-37073
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the userimage parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file wi...
SourceCodester Online Student Clearance System 安全漏洞
SourceCodester Online Student Clearance System is a SourceCodester open source online student management system. A security vulnerability exists in SourceCodester Online Student Clearance System version 1.0, which originates from an unrestricted upload due to the userImage action in the parameter...