| Titolo | hzmanyun.com education and training system v2.1.3 RCE |
|---|
| Descrizione | The /scorm endpoint in the application is vulnerable to Remote Code Execution (RCE) due to improper handling of parametor like param. An attacker can inject the command , leading to RCE of the system. |
|---|
| Fonte | ⚠️ https://github.com/heiheixz/report/blob/main/nxb_2.md |
|---|
| Utente | heihei_XZ (UID 81980) |
|---|
| Sottomissione | 25/02/2025 14:28 (1 Anno fa) |
|---|
| Moderazione | 04/03/2025 14:50 (7 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 298521 [hzmanyun Education and Training System 2.1.3 UploadImageController.java scorm param escalationi di privilegi] |
|---|
| Punti | 16 |
|---|