CVE-2020-28173

Name of the Vulnerable Software and Affected Versions: Simple College Website version 1.0

Description: The issue allows a user to conduct remote code execution via the "/alumni/admin/ajax.php?action=save settings" API endpoint when uploading a malicious file using the image upload functionality. The uploaded files are stored in the "/alumni/admin/assets/uploads/" directory.

Recommendations: For Simple College Website version 1.0, as a temporary workaround, consider disabling the image upload functionality until a patch is available. Restrict access to the "/alumni/admin/ajax.php?action=save settings" API endpoint to minimize the risk of exploitation. Avoid using the image upload feature in the affected API endpoint until the issue is resolved.