Joajoa

**Name of the Vulnerable Software and Affected Versions** campcodes Online Student Enrollment System version 1.0 **Description** A flaw exists in campcodes Online Student Enrollment System that allows for unrestricted file upload. This issue affects the file '/admin/index.php?page=user-profile' and involves manipulation of the `userphoto` argument. The attack can be initiated remotely. The exploit is publicly available. **Recommendations** Apply a fix to address the unrestricted file upload issue in the affected file. Restrict access to the vulnerable file '/admin/index.php?page=user-profile'. Sanitize or validate the `userphoto` argument to prevent unrestricted file uploads. As a temporary workaround, consider disabling the affected functionality until a patch is available.

**Name of the Vulnerable Software and Affected Versions** campcodes Online Student Enrollment System version 1.0 **Description** A flaw exists in campcodes Online Student Enrollment System 1.0 that allows for unrestricted file upload. This impacts an unknown function within the `/admin/register.php` file. Manipulation of the `photo` argument enables the upload of arbitrary files, and the attack can be initiated remotely. The exploit has been published. **Recommendations** Apply a fix to address the unrestricted file upload issue in the `/admin/register.php` file. Restrict access to the `/admin/register.php` file to authorized personnel only. As a temporary workaround, consider disabling the file upload functionality until a patch is available.