PT-2023-27855 · Unknown · Student Information System

Andres Roldan

·

Published

2023-12-07

·

Updated

2023-12-11

·

CVE-2023-4122

CVSS v3.1

9.9

Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Student Information System version 1.0

Description: The issue allows an authenticated attacker to obtain Remote Code Execution on the server hosting the application through an Insecure File Upload vulnerability. The vulnerable input is the photo parameter of the "my-profile" page, which accepts an uploaded file without restricting its type on the server side.

Recommendations: For Student Information System version 1.0, as a temporary workaround, disable the file upload functionality on the "my-profile" page (in particular, reject or ignore the photo parameter server-side) until a patch is available. At the time of writing there is no information about a newer version that fixes this vulnerability.
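The upload pattern this advisory describes, beside the checks that close it, as an added example that is not code from Student Information System (the advisory does not name the application's implementation language). The PHP web-shell samples, the script markers, the size cap and the image allowlist are assumptions chosen for illustration; the sample uploads are constructed, not captured traffic.

```python
"""Profile-photo upload screening: the unrestricted pattern and a hardened one.

Added example, not code from the Student Information System. The script
markers assume a PHP-style deployment, which the advisory does not state.
"""
import os
import re
import secrets

# Magic bytes keyed by the only extensions a profile photo may carry (assumed).
ALLOWED_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size cap for a profile photo
# Sequences that have no place in an image; if the server ever hands the
# file to a script handler, any of these is enough for code execution.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script", b"<%")

# Constructed sample uploads for the demonstration (not captured traffic).
SAMPLES = {
    "genuine png": ("avatar.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32),
    "plain web shell": ("shell.php", b"<?php system($_GET['c']); ?>"),
    "png magic, php name": ("shell.php", b"\x89PNG\r\n\x1a\n<?php system($_GET['c']); ?>"),
    "double extension": ("shell.php.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32),
    "png name, script body": ("avatar.png", b"<?php system($_GET['c']); ?>"),
    "png/php polyglot": ("avatar.png", b"\x89PNG\r\n\x1a\n<?php system($_GET['c']); ?>"),
    "traversal": ("../../index.php", b"<?php echo 1; ?>"),
}


class UploadRejected(ValueError):
    pass


def unrestricted_store_name(client_filename: str) -> str:
    """The insecure pattern behind this class of bug: the client-chosen name is
    persisted verbatim, so a photo named shell.php becomes a web shell."""
    return client_filename


def validate_profile_photo(client_filename: str, content: bytes) -> str:
    """Return a server-generated filename for an acceptable image, else raise."""
    if not content or len(content) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")

    # Keep only the basename; drop NUL bytes used for extension truncation.
    base = os.path.basename(client_filename.replace("\\", "/")).replace("\x00", "")
    # Exactly one extension and a short alphanumeric stem: no "shell.php.png".
    m = re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})", base)
    if m is None:
        raise UploadRejected("filename must be <stem>.<ext> with a single extension")
    ext = m.group(1).lower()
    if ext not in ALLOWED_SIGNATURES:
        raise UploadRejected(f".{ext} is not an allowed image type")

    # The extension is attacker-controlled; the bytes must agree with it.
    if not content.startswith(ALLOWED_SIGNATURES[ext]):
        raise UploadRejected("content does not match the declared image type")

    # Polyglots: a valid image header followed by server-side script.
    lowered = content.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        raise UploadRejected("script markers embedded in image")

    # Never reuse the client's name: random stem, canonical extension.
    return f"{secrets.token_hex(16)}.{ext}"


def screen_upload(client_filename: str, content: bytes) -> tuple[bool, str]:
    """Wrapper returning (accepted, stored_name_or_reason) for easy tabulation."""
    try:
        return True, validate_profile_photo(client_filename, content)
    except UploadRejected as exc:
        return False, str(exc)


if __name__ == "__main__":
    for label, (name, body) in SAMPLES.items():
        ok, detail = screen_upload(name, body)
        print(f"{label:24} {'ACCEPT' if ok else 'REJECT':7} {detail}")
```

The marker scan is a stopgap against polyglots; decoding the upload with an image library and re-encoding it to a fresh file is the stronger control, as is storing uploads outside the web root (or on a path the server will not execute). Both are independent of the checks above and of each other.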

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-4122

Affected Products

Student Information System