PT-2023-17196 · Fernus Informatics · Fernus Informatics Lms

Published 2023-04-04 · Updated 2026-05-22 · CVE-2023-1728

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Fernus Informatics LMS versions prior to 23.04.03

Description

An Unrestricted Upload of File with Dangerous Type vulnerability allows OS Command Injection and Server Side Include (SSI) Injection. It can be exploited to execute arbitrary commands on the server or inject malicious code.

Recommendations

For versions prior to 23.04.03, update to version 23.04.03 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only allow safe file types until a patch is applied. Restrict access to sensitive server-side functionality to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-1728

Affected Products

Fernus Informatics Lms