Podatność CVE-2023-4122
Publikacja: 2023-12-07   Modyfikacja: 2023-12-14

Opis:
Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

Typ:

CWE-434

 (Unrestricted Upload of File with Dangerous Type)

Affected software
Imsurajghosh -> Student information system 

 Referencje:
https://fluidattacks.com/advisories/rubinstein/
https://www.kashipara.com/
Copyright 2024, cxsecurity.com

 

Back to Top