drew-byte/Pet-Grooming-Management-RCE

An authenticated attacker can upload arbitrary files, including PHP code, instead of restricted image files. This results in Remote Code Execution (RCE) on the hosting server.

CVE History

| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| | | 4.7 MEDIUM | 5.8 MEDIUM |

A flaw has been found in SourceCodester Pet Management System 1.0. It affects an unknown function of the file /admin/profile.php. Manipulation of the argument website_image leads to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.