CVE-2022-3129: Online_Driving_School_Project_In_PHP_With_Source_Code_Vulnerabilities/arbitrary_file_upload.md at main · KingBridgeSS/Online_Driving_School_Project_In_PHP_With_Source_Code_Vulnerabilities

A vulnerability was found in codeprojects Online Driving School. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registration.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207872.


Online Driving School Project In PHP Arbitrary File Upload And RCE

The Online Driving School Project is a simple mini project for driving institutes. The project contains admin, learners, and users. The user can either be police or victims/complainers. This project is for a driver training institute that has first commenced its operations: it manages the learners and the people who want to find a good learners' school, and the admin, meaning the owner of the web application, can select the best and nearest learners for those people and connect the two.

Project link: https://code-projects.org/online-driving-school-project-in-php-with-source-code/

In /registration.php, an attacker can upload an arbitrary file, which leads to remote code execution.

POC

First, register a user and choose a backdoor PHP file as the user image.

shell0.php

Then go to /admin/images/shell0.php and post shellcode.

The code phpinfo(); has been successfully executed.
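For the fix side of this issue, here is an added example of an image upload handler that would reject the shell0.php upload described above. It is not the project's code and not from the advisory author; the form field name "image", the storage path /var/www/uploads and the function name store_user_image are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not the project's code. The field name "image" and the
// storage path are assumptions made for illustration.
const MAX_IMAGE_BYTES = 2 * 1024 * 1024;
const ALLOWED_IMAGE_TYPES = [          // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_user_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Only accept a file PHP itself received in this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_IMAGE_BYTES) {
        throw new RuntimeException('file size out of range');
    }
    // Detect the type from the content; $file['type'] and $file['name'] are client-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('file type not allowed');
    }
    // The content must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }
    // Server-chosen name and extension: a client name such as shell0.php is never used.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['image'])) {
    try {
        // Assumed location outside the document root, so nothing stored here is reachable by URL.
        $stored = store_user_image($_FILES['image'], '/var/www/uploads');
        echo 'stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected';
    }
}
```

Stored images are then served through a script that sets an image Content-Type, or from a directory in which the web server has PHP execution disabled.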
