PT-2026-33995
Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin user insert.php and vms/php/update 1.php. The move uploaded file function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP...