Enviar #665609: https://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCEinformación

Títulohttps://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCE
DescripciónAn unauthenticated arbitrary file upload vulnerability exists in the changeSllyabus.php component of the School Management System. The endpoint fails to implement any authentication checks and does not properly validate uploaded files, allowing remote attackers to upload a malicious PHP script directly to the web server. This leads to remote code execution (RCE) with the privileges of the web server user.
Fuente⚠️ https://github.com/qqy-123/cve/issues/4
Usuario
 yuc1 (UID 90796)
Sumisión2025-09-30 11:33 (hace 7 meses)
Moderación2025-10-12 08:37 (12 days later)
EstadoAceptado
Entrada de VulDB328076 [ProjectsAndPrograms School Management System hasta 6b6fae5426044f89c08d0dd101c7fa71f9042a59 /assets/uploadNotes.php Archivo escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!