Wednesday, November 18, 2020
CVE-2020-28130
nist.gov
In: nist.gov
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). CVE-2020-28130