| Title | CampCodes Computer Laboratory Management System 1.0 RCE via Arbitrary File Upload |
|---|
| Description | Vendor and Product Information:
Vendor: CampCodes
Product: Computer Laboratory Management System
Product URL: https://www.campcodes.com/projects/php/computer-laboratory-management-system/
Confidence: Confirmed
Description:
The item page of the application contains a severe vulnerability. The function that uploads item images permits attackers to upload arbitrary files, including malicious PHP scripts. This flaw allows attackers to execute arbitrary code on the server, potentially gaining unauthorized access to sensitive data, disrupting operations, or even taking full control of the server. This represents a major security threat and needs to be addressed immediately. |
|---|
| Source | ⚠️ https://github.com/shaturo1337/POCs/blob/main/Remote%20Code%20Execution%20via%20Arbitrary%20File%20Upload%20in%20Computer%20Laboratory%20Management%20System.md |
|---|
| User | John Correche (UID 79510) |
|---|
| Submission | 01/08/2025 03:09 (1 Year ago) |
|---|
| Moderation | 01/08/2025 18:54 (16 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 290828 [CampCodes Computer Laboratory Management System 1.0 /class/edit/edit e_photo unrestricted upload] |
|---|
| Points | 20 |
|---|