Submit #665610: https://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCEinfo

Titelhttps://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCE
BeschreibungAn unauthenticated arbitrary file upload vulnerability exists in the uploadSllyabus.php component of the School Management System. The endpoint fails to implement any authentication checks and does not properly validate uploaded files, allowing remote attackers to upload a malicious PHP script directly to the web server. This leads to remote code execution (RCE) with the privileges of the web server user.
Quelle⚠️ https://github.com/qqy-123/cve/issues/5
Benutzer
 yuc1 (UID 90796)
Einreichung30.09.2025 11:34 (vor 7 Monaten)
Moderieren12.10.2025 08:37 (12 days later)
StatusAkzeptiert
VulDB Eintrag328077 [ProjectsAndPrograms School Management System bis 6b6fae5426044f89c08d0dd101c7fa71f9042a59 uploadSllyabus.php Datei erweiterte Rechte]
Punkte20

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!