Gửi #665604: https://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCEthông tin

tiêu đềhttps://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCE
Mô tảAn unauthenticated arbitrary file upload vulnerability exists in the createNotice.php component of the School Management System. The endpoint fails to implement any authentication checks and does not properly validate uploaded files, allowing remote attackers to upload a malicious PHP script directly to the web server. This leads to remote code execution (RCE) with the privileges of the web server user.
Nguồn⚠️ https://github.com/qqy-123/cve/issues/2
Người dùng
 yuc1 (UID 90796)
Đệ trình30/09/2025 11:31 (cách đây 7 các tháng)
Kiểm duyệt12/10/2025 08:37 (12 days later)
Trạng tháiđược chấp nhận
Mục VulDB328074 [ProjectsAndPrograms School Management System đến 6b6fae5426044f89c08d0dd101c7fa71f9042a59 /assets/createNotice.php Tệp tin nâng cao đặc quyền]
điểm20

TrướcTổng QuanTiếp theo

Do you know our Splunk app?

Download it now for free!