Описание
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Ссылки
- ExploitThird Party Advisory
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 2.6.5 (включая)
cpe:2.3:a:yungifez:skuul:*:*:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00039
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 4.3
github
2 месяца назад
Skuul School Management System has a Sensitive Data Exposure Vulnerability in Uploaded Images
EPSS
Процентиль: 11%
0.00039
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-200
NVD-CWE-noinfo