CVE-2021-46013

Name of the Vulnerable Software and Affected Versions Sourcecodester Free school management software version 1.0

Description An unrestricted file upload issue exists, allowing an attacker to enable remote code execution on the affected web server. This can be achieved by uploading a PHP webshell containing "" which gets saved into the /uploads/exam question/ directory and is accessible by all users.

Recommendations For Sourcecodester Free school management software version 1.0, consider restricting or disabling file uploads until a patch is available to prevent remote code execution. As a temporary workaround, restrict access to the /uploads/exam question/ directory to minimize the risk of exploitation. Avoid using the cmd variable in the affected PHP code until the issue is resolved.