PT-2022-24793 · Unknown · College Management System

Liav Gutman · Published 2022-11-17 · Updated 2025-04-28 · CVE-2022-39179

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

College Management System version 1.0

Description

The issue allows an admin user to upload a .php file containing malicious code via the student.php file, potentially leading to remote code execution. The authentication required for this action can be bypassed using SQL Injection, as mentioned in another report.

Recommendations

For College Management System version 1.0, consider disabling the upload functionality in the student.php file until a patch is available to prevent the upload of malicious .php files. Restrict access to the student.php file to minimize the risk of exploitation. Avoid using the student.php file for uploading any files until the issue is resolved.

Fix

RCE

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-39179

Affected Products

College Management System