PHP Voting System – Unauthenticated Remote Code Execution
![](https://secure77.de/wp-content/uploads/2021/05/2021-05-06-23_24_18-Voting-System-using-PHP.png)
Today i just found another exploit in the PHP Voting System. The file /admin/candidates_add.php is vulnerable against unauthenticated file upload which can use for RCE. Exploit DB entry: https://www.exploit-db.com/exploits/49846 Vulnerable file candidates_add.php You just need to send a POST with multipart/form-data so you can upload any file you wish. There is no cookie or file
Continue Reading „PHP Voting System – Unauthenticated Remote Code Execution“