Soumettre #665605: https://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCEinformation

Titrehttps://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCE
DescriptionAn unauthenticated arbitrary file upload vulnerability exists in the createNotice.php component of the School Management System. The endpoint fails to implement any authentication checks and does not properly validate uploaded files, allowing remote attackers to upload a malicious PHP script directly to the web server. This leads to remote code execution (RCE) with the privileges of the web server user.
La source⚠️ https://github.com/qqy-123/cve/issues/3
Utilisateur
 yuc1 (UID 90796)
Soumission30/09/2025 11:32 (il y a 7 mois)
Modérer12/10/2025 08:37 (12 days later)
StatutAccepté
Entrée VulDB328075 [ProjectsAndPrograms School Management System changeSllyabus.php Fichier élévation de privilèges]
Points20

PrécédentAperçuSuivant

Do you need the next level of professionalism?

Upgrade your account now!