PT-2022-12425 · Unknown · The Online Admission System

Longwayhomie

Published

2022-03-18

Updated

2022-03-25

CVE-2021-45835

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions The Online Admission System version 1.0

Description The issue allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through the "documents.php" endpoint, which may be used to execute malicious code or lead to code execution.

Recommendations For The Online Admission System version 1.0, consider restricting access to the "documents.php" endpoint to prevent unauthenticated file uploads until a patch is available. As a temporary workaround, restrict the types of files that can be uploaded through this endpoint to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-45835

Affected Products

The Online Admission System

PT-2022-12425 · Unknown · The Online Admission System

CVE-2021-45835

Weakness Enumeration

Related Identifiers

Affected Products

References · 6