code-projects Computer Book Store File Upload Vulnerability in admin_add.php

Vulnerability

A file upload vulnerability has been identified in code-projects Computer Book Store version 1.0, specifically within the admin_add.php file. This vulnerability allows attackers to upload arbitrary files, which can lead to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary file uploads, potentially leading to remote code execution.

Reproduction

To reproduce this vulnerability, upload a file through the image upload feature in the admin_add.php page. The uploaded file can be a PHP script, which, once uploaded, can be executed on the server.

Remediation

It is recommended to validate file extensions using a whitelist, verify the file's MIME type, generate random filenames, restrict execution permissions in the upload directory, and perform resampling on image files.
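The following handler applies the recommendations above in one place. It is an added example, not code from the Computer Book Store project; the form field name "image", the upload directory path and the function name store_book_image are assumptions.

```php
<?php
// Added example: hardened image upload handler (not the project's own code).
// The field name "image", UPLOAD_DIR and store_book_image() are assumptions.
const ALLOWED_TYPES = [            // extension allow-list mapped to the expected MIME type
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
];
const UPLOAD_DIR = '/var/www/uploads/covers'; // assumed path
const MAX_BYTES  = 2 * 1024 * 1024;

function store_book_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // 1. Extension allow-list; the client name is read only for this check.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }
    // 2. MIME type sniffed from the content, not $_FILES['type'] (client-controlled).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }
    // 3. Resample: decode with GD and re-encode, discarding metadata and trailing bytes.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('Not a decodable image');
    }
    // 4. Random server-side filename; the client-supplied name never reaches disk.
    $name = bin2hex(random_bytes(16)) . ($mime === 'image/png' ? '.png' : '.jpg');
    $dest = UPLOAD_DIR . '/' . $name;
    $ok = $mime === 'image/png' ? imagepng($img, $dest) : imagejpeg($img, $dest, 90);
    if (!$ok) {
        throw new RuntimeException('Could not write image');
    }
    chmod($dest, 0644); // 5. No execute bit on the stored file
    return $name;
}
// Usage inside the admin form handler: $stored = store_book_image($_FILES['image']);
```

The file mode alone does not stop a web server from interpreting scripts, so the upload directory also needs a server-level rule that disables script execution, or should sit outside the document root.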

Added: Jan 27, 2026, 5:34 PM
Updated: Jan 27, 2026, 5:34 PM

Vulnerability Rating

Custom Algorithm

Spread: 0.0
Impact: 10.0
Exploitability: 8.0
Remediation: 0.0
Relevance: 2.3
Threat: 6.4
Urgency: 2.9
Incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.