Headline
CVE-2022-2749: Record3/Gym Management System Project- Arbitrary file upload vulnerability.md at main · Blythe-LU/Record3
A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/index.php?view_exercises. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206017 was assigned to this vulnerability.
Permalink
Cannot retrieve contributors at this time
Gym Management System Project- Arbitrary file upload vulnerability
College Attendance System (CAS) Published by SourceCodester There is an arbitrary file upload vulnerability.
Attackers can upload malicious scripts through this vulnerability to achieve the purpose of destroying the system to control the target machine.
The path where the file upload vulnerability exists is as follows
/mygym/admin/index.php?view_exercises
The pages with file upload vulnerabilities are as follows
Click edit to upload the Trojan file
The content of the uploaded one sentence Trojan horse
The upload is successful, and the statement can be executed arbitrarily
Link
https://www.sourcecodester.com/php/15515/gym-management-system-project-php.html