| 标题 | https://oranbyte.com/ ProjectsAndPrograms/school-management-system 1.0 Unauthenticated Arbitrary File Upload to RCE |
|---|
| 描述 | An unauthenticated arbitrary file upload vulnerability exists in the createNotice.php component of the School Management System. The endpoint fails to implement any authentication checks and does not properly validate uploaded files, allowing remote attackers to upload a malicious PHP script directly to the web server. This leads to remote code execution (RCE) with the privileges of the web server user. |
|---|
| 来源 | ⚠️ https://github.com/qqy-123/cve/issues/3 |
|---|
| 用户 | yuc1 (UID 90796) |
|---|
| 提交 | 2025-09-30 11時32分 (7 月前) |
|---|
| 管理 | 2025-10-12 08時37分 (12 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 328075 [ProjectsAndPrograms School Management System 直到 6b6fae5426044f89c08d0dd101c7fa71f9042a59 changeSllyabus.php 文件 权限提升] |
|---|
| 积分 | 20 |
|---|