PT-2018-17785 · Php Scripts Mall · Php Scripts Mall Schools Alert Management Script

Published

2018-02-12

Updated

2020-03-11

CVE-2018-6860

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions PHP Scripts Mall Schools Alert Management Script version 2.0.2

Description The issue allows for Arbitrary File Upload and Remote Code Execution through a profile picture in the PHP Scripts Mall Schools Alert Management Script.

Recommendations For version 2.0.2, consider restricting the upload of files, especially for profile pictures, to prevent potential Arbitrary File Upload and Remote Code Execution until a patch is available.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2018-6860

Affected Products

Php Scripts Mall Schools Alert Management Script

PT-2018-17785 · Php Scripts Mall · Php Scripts Mall Schools Alert Management Script

CVE-2018-6860

Weakness Enumeration

Related Identifiers

Affected Products

References · 3