PT-2022-25602 · Unknown · Exam Reviewer Management System
Published
2022-09-27
·
Updated
2022-09-28
·
CVE-2022-40878
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Exam Reviewer Management System version 1.0
Description
The issue allows an authenticated attacker to upload a web-shell php file in the profile page, resulting in Remote Code Execution (RCE).
Recommendations
For Exam Reviewer Management System version 1.0, consider disabling the file upload feature in the profile page as a temporary workaround until a patch is available. Restrict access to the profile page to minimize the risk of exploitation. Avoid using the profile page for uploading files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Exam Reviewer Management System