PT-2020-11982 · Phpgurukul · Phpgurukul Online Book Store
Tib3Rius · Published 2020-03-08 · Updated 2023-11-13 · CVE-2020-10224
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
PHPGurukul Online Book Store version 1.0
Description
An unauthenticated file upload issue has been identified in the admin add.php file. This could be exploited by a remote attacker to upload content, including PHP files, potentially leading to command execution.
Recommendations
For PHPGurukul Online Book Store version 1.0, consider restricting access to the admin add.php file to prevent unauthenticated file uploads until a patch is available. As a temporary workaround, disabling the file upload functionality in admin add.php could help minimize the risk of exploitation.
Weakness Enumeration
Unrestricted File Upload
Affected Products
Phpgurukul Online Book Store