An arbitrary file upload vulnerability in Campcodes Online Matrimonial
Website System Script v3.3 allows attackers to execute arbitrary code via
uploading a crafted SVG file.
SVG Payload:
Steps to reproduce
-Login with your creds
-Navigate to this directory - /profile-settings
-Click on Gallery -> Add New Image -> Browser -> Add Files
-Choose the SVG file and upload done
-Click the image!! Payload Triggered
Burp Request
Website System Script v3.3 allows attackers to execute arbitrary code via
uploading a crafted SVG file.
SVG Payload:
Steps to reproduce
-Login with your creds
-Navigate to this directory - /profile-settings
-Click on Gallery -> Add New Image -> Browser -> Add Files
-Choose the SVG file and upload done
-Click the image!! Payload Triggered
Burp Request
![[DK]](/data/avatars/s/57/57999.jpg?1720990206){kind=avatar}
