Page 2 of 11 results (0.001 seconds)
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2058 – SourceCodester Petrol Pump Management Software product.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-2058
01 Mar 2024 — A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. • https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md • CWE-434: Unrestricted Upload of File with Dangerous Type •