PT-2017-14310 · Ingenious · Ingenious School Management System

Ihsan Sencan

Publicado

2017-10-29

Atualizado

2017-11-17

CVE-2017-15957

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Ingenious School Management System version 2.3.0

Description The issue allows a student or teacher to upload an arbitrary file through the my profile.php script.

Recommendations For Ingenious School Management System version 2.3.0, restrict access to the my profile.php script to prevent arbitrary file uploads until a patch is available.

Exploit

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2017-15957

Produtos afetados

Ingenious School Management System

PT-2017-14310 · Ingenious · Ingenious School Management System

CVE-2017-15957

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4