CVE-2022-27349

Name of the Vulnerable Software and Affected Versions Social Codia SMS version 1

Description The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability through the addteacher.php endpoint. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For Social Codia SMS version 1, consider disabling the addteacher.php endpoint until a patch is available to prevent exploitation of the arbitrary file upload vulnerability. Restrict access to this endpoint to minimize the risk of arbitrary code execution. Avoid using this endpoint with untrusted input until the issue is resolved.