Ustc-L1Nk

**Name of the Vulnerable Software and Affected Versions** 1000projects Online Student Project Report Submission and Evaluation System version 1.0 **Description** A vulnerability exists in 1000projects Online Student Project Report Submission and Evaluation System version 1.0 that allows for unrestricted file upload. The issue is related to the manipulation of the `new image` argument within an unknown function of the `/admin/controller/student controller.php` file. This manipulation can be performed remotely. The exploit is publicly available. **Recommendations** As a temporary workaround, restrict access to the `/admin/controller/student controller.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 1000projects Online Student Project Report Submission and Evaluation System version 1.0 **Description** A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file `/admin/controller/faculty controller.php`. Manipulation of the argument `new image` causes unrestricted upload, and the attack is possible to be carried out remotely. The exploit has been publicly disclosed. **Recommendations** Restrict access to the file `/admin/controller/faculty controller.php` to prevent unauthorized uploads. As a temporary workaround, consider restricting the use of the `new image` argument in the affected function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** RemoteClinic versions prior to 2.1 **Description** A vulnerability allows for unrestricted file upload via manipulation of the `image` argument in the `/staff/edit.php` file. The attack can be initiated remotely. The exploit is publicly available. This issue affects products that are no longer supported by the maintainer. **Recommendations** RemoteClinic versions prior to 2.1: Due to the lack of support for older versions, upgrading is not possible. Consider alternative solutions or isolating the affected system.

Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A weakness exists in an unknown functionality of the file `/rse/admin/edit faculty.php?id=2`. Manipulation of the `Name` argument causes cross site scripting, and the attack is possible to be carried out remotely. The exploit has been made publicly available. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A security issue exists in 1000projects Online Project Report Submission and Evaluation System 1.0. The vulnerability is related to a cross-site scripting (XSS) issue within the `/admin/add title.php` file. Manipulation of the `Title` argument may allow for remote execution of malicious scripts. The exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A cross site scripting issue exists in 1000projects Online Project Report Submission and Evaluation System version 1.0. Manipulation of the `desc` argument in the file `/admin/edit title.php?id=1` can lead to exploitation. The issue may be launched remotely and has been publicly disclosed. Recommendations: As a temporary workaround, consider restricting access to the `/admin/edit title.php` file to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A security flaw exists in 1000projects Online Project Report Submission and Evaluation System version 1.0. The manipulation of the `address` argument in the `/admin/add student.php` file results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GreenCMS versions prior to 2.3.0604 Description: A vulnerability exists in GreenCMS that allows for unrestricted file upload. The issue is located in an unknown part of the file `/index.php?m=admin&c=media&a=fileconnect`. Manipulation of the `upload[]` argument enables the unrestricted upload of files. The attack can be carried out remotely. The exploit is publicly available. This vulnerability affects products that are no longer supported by the maintainer. Recommendations: Update GreenCMS to version 2.3.0604 or later.