This exploit demonstrates an unrestricted file upload vulnerability in VehicleWorkshop, allowing authenticated users to upload malicious PHP files (e.g., a backdoor) via the 'sellvehicle.php' page. The vulnerability arises from improper file type validation in the PHP code, enabling remote code execution (RCE).
Classification
Working Poc 95%
Target:
VehicleWorkshop (version not specified)
Auth required
Prerequisites:
Authenticated user account (customer or regular user) · Access to the 'sellvehicle.php' page