CVE-2014-8997

Name of the Vulnerable Software and Affected Versions DigitalVidhya Digi Online Examination System version 2.0

Description The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the Photo functionality, then accessing it via a direct request to the file in assets/uploads/images/. This is due to an unrestricted file upload vulnerability.

Recommendations For DigitalVidhya Digi Online Examination System version 2.0, consider restricting file uploads to only allow non-executable file extensions as a temporary workaround until a patch is available. Restrict access to the assets/uploads/images/ directory to minimize the risk of exploitation.