RSS   Vulnerabilities for 'Simple college'   RSS

2021-03-31
 
CVE-2020-28173

CWE-434
 

 
Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.

 
 
CVE-2020-28172

CWE-89
 

 
A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in college_website/admin/ajax.php?action=login, thus gaining access to the website administrative panel.

 


Copyright 2021, cxsecurity.com

 

Back to Top