VYPR
Unrated severity · NVD Advisory · Published Aug 26, 2024 · Updated Aug 26, 2024

SourceCodester Zipped Folder Manager App add-folder.php unrestricted upload

CVE-2024-8170

Description

Unrestricted file upload in SourceCodester Zipped Folder Manager App 1.0 via /endpoint/add-folder.php allows remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

An unrestricted file upload vulnerability exists in the /endpoint/add-folder.php endpoint of SourceCodester Zipped Folder Manager App 1.0. The folder parameter is not properly sanitized, allowing an attacker to upload arbitrary files to the server.

Exploitation

The attack can be performed remotely without authentication. An attacker sends a crafted HTTP request to the vulnerable endpoint, manipulating the folder parameter to include a malicious file (e.g., a PHP shell). The file is then stored on the server.

Impact

Successful exploitation allows the attacker to upload arbitrary files, potentially leading to remote code execution, unauthorized data access, or complete compromise of the web server.

Mitigation

As of publication, no official patch has been released. Users should consider removing or restricting access to the vulnerable endpoint, implementing strict file upload validation, or using a web application firewall to block malicious requests.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.
