CVE-2019-9572

Name of the Vulnerable Software and Affected Versions SchoolCMS version 2.3.1

Description The issue allows for file upload via the theme upload feature at "admin.php?m=admin&c=theme&a=upload" by exploiting the mishandling in the Upload() function of the ThemeController.class.php file. This can be achieved by using the .zip extension along with the Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header, ultimately allowing execution of arbitrary PHP code in PublicHome1 Static.php.

Recommendations For SchoolCMS version 2.3.1, consider disabling the theme upload feature at "admin.php?m=admin&c=theme&a=upload" until a patch is available to prevent exploitation. Restrict access to the Upload() function in the ApplicationAdminControllerThemeController.class.php file to minimize the risk of arbitrary PHP code execution. Avoid using the Static substring in the theme upload feature to prevent mishandling of uploaded files.