| タイトル | https://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCE |
|---|
| 説明 | An unauthenticated arbitrary file upload vulnerability exists in the changeSllyabus.php component of the School Management System. The endpoint fails to implement any authentication checks and does not properly validate uploaded files, allowing remote attackers to upload a malicious PHP script directly to the web server. This leads to remote code execution (RCE) with the privileges of the web server user. |
|---|
| ソース | ⚠️ https://github.com/qqy-123/cve/issues/4 |
|---|
| ユーザー | yuc1 (UID 90796) |
|---|
| 送信 | 2025年09月30日 11:33 (7 月 ago) |
|---|
| モデレーション | 2025年10月12日 08:37 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 328076 [ProjectsAndPrograms School Management System 迄 6b6fae5426044f89c08d0dd101c7fa71f9042a59 /assets/uploadNotes.php ファイル 特権昇格] |
|---|
| ポイント | 20 |
|---|