CVE-2020-28130

Published: Nov 17, 2020Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).

Affected (1)

Products: Online Library Management System Project: Online Library Management System

Online Library Management System Project

1 product

Online Library Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Online Library Management System Project Online Library Management System	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://www.exploit-db.com/exploits/48928

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html

Source: cve@mitre.org

Third Party Advisory

https://www.exploit-db.com/exploits/48928

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.sourcecodester.com/php/14545/online-library-management-system-phpmysqli-full-source-code-2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.