CVE-2021-46013

Опубликовано: 18 янв. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "" gets uploaded it is saved into /uploads/exam_question/ directory, and is accessible by all users.

Ссылки

https://www.exploit-db.com/exploits/50587
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/50587
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:free_school_management_software_project:free_school_management_software:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02405

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-cp62-q7v3-5q5w

github

около 4 лет назад

An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_GET["cmd"]); ?>" gets uploaded it is saved into /uploads/exam_question/ directory, and is accessible by all users.