3 matches found
CVE-2020-28130
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos under the web root...
SourceCodester Online Library Management System Command Injection (CVE-2020-28130)
A command injection vulnerability exists in SourceCodester Online Library Management System. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2020-28130
CVE-2020-28130 describes an Arbitrary File Upload in the Upload Image component of SourceCodester Online Library Management System 1.0. The flaw allows an attacker to upload PHP files to admin/borrower/photos (web root) and gain remote code execution via admin/borrower/index.php?view=add. Public ...