vendor:
Purchase Order Management System
by:
Aryan Chehreghani
9,8
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: Purchase Order Management System
Affected Version From: v1.0
Affected Version To: v1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 10 - XAMPP Server
2021
Purchase Order Management System 1.0 – Remote File Upload
This exploit allows an attacker to upload a malicious file to the server, which can be used to execute arbitrary code on the server. The exploit is possible due to the lack of proper input validation in the application's upload functionality. The attacker can use the application's login credentials to gain access to the application and upload the malicious file.
Mitigation:
Input validation should be implemented to prevent malicious files from being uploaded to the server.