Описание
Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.
Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-37372
- https://packetstormsecurity.com/files/164625/Online_Admission_System_CVEs-Gerard-Carbonell.pdf
- https://www.sourcecodester.com/php/14874/online-student-admission-system.html
- http://packetstormsecurity.com/files/164625/Online-Student-Admission-System-1.0-SQL-Injection-Shell-Upload.html
Связанные уязвимости
CVSS3: 8.8
nvd
больше 4 лет назад
Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.