PT-2009-2089 · Classsystem · Classsystem
Published
2009-04-06
·
Updated
2018-10-11
·
CVE-2008-6619
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ClassSystem version 2.3
Description
The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the
class/ApplyDB.php file, and then accessing it via a direct request to the file in class/UploadHomepage/. This is due to an unrestricted file upload vulnerability.Recommendations
For ClassSystem version 2.3, consider restricting or disabling the file upload functionality in
class/ApplyDB.php until a proper fix is applied, and avoid accessing uploaded files directly via class/UploadHomepage/ to minimize the risk of exploitation.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Classsystem