CVE-2019-9181

Name of the Vulnerable Software and Affected Versions SchoolCMS version 2.3.1

Description The issue allows for file upload via the logo upload feature at "admin.php?m=admin&c=site&a=save" by manipulating the file extension and content type. Specifically, an attacker can use the .jpg extension, change the Content-Type to "image/php", and place PHP code after the JPEG data. This enables the execution of arbitrary PHP code.

Recommendations For SchoolCMS version 2.3.1, consider disabling the logo upload feature at "admin.php?m=admin&c=site&a=save" until a patch is available to prevent arbitrary PHP code execution. Restrict access to the save action in the site controller to minimize the risk of exploitation. Avoid using the logo upload feature with files that have the .jpg extension and "image/php" Content-Type until the issue is resolved.