Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing "<?php system($_GET["cmd"]); ?>" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Engineers Online Portal 代码问题漏洞
Vulnerability Description
Engineers Online Portal是开源的一个在线门户。是使用PHP、MySQL 数据库、HTML、CSS、Javascript、jQuery、Ajax、Bootstrap 和一些其他库开发的。 Engineers Online Portal 存在代码问题漏洞,该漏洞源于在PHP的Sourcecodester Engineers Online Portal中通过dashboard teacher. PHP存在文件上传漏洞。攻击者可利用该漏洞使用-/admin/uploads/php-websh
CVSS Information
N/A
Vulnerability Type
N/A