PT-2024-13967 · Unknown · Online Notice Board System

Andres Roldan · Published 2024-01-04 · Updated 2025-02-26 · CVE-2023-50760

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Online Notice Board System version 1.0

Description

The issue is related to an Insecure File Upload vulnerability. This vulnerability is located in the f parameter of the "user/update profile pic.php" page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

Recommendations

For Online Notice Board System version 1.0, consider disabling the file upload functionality on the "user/update profile pic.php" page until a patch is available. Restrict access to the f parameter to minimize the risk of exploitation. Avoid using the f parameter in the affected API endpoint until the issue is resolved.
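Where the upload cannot simply be disabled, the server-side checks a profile-picture handler needs look like the following. This is an added example, not code from Online Notice Board System or from the advisory; it assumes `f` is the multipart file field, and `store_profile_pic()` and the storage directory are hypothetical names.

```php
<?php
// Added example, not the application's code. Assumptions: "f" is the multipart
// file field; store_profile_pic() and the storage path are hypothetical.
declare(strict_types=1);

const MAX_BYTES = 2 * 1024 * 1024;
// Allow-list: content-detected MIME type => extension chosen by the server.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function store_profile_pic(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Accept only a temp file that PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('size out of range');
    }
    // Detect the type from file content; the client-supplied name and
    // Content-Type are never trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)
        || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an accepted image');
    }
    // Random server-generated name with a fixed extension, so an uploaded
    // "shell.php" can never keep a script extension on disk.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// The directory should sit outside the web root, or be served with script
// execution disabled, because an image can still carry embedded code.
if (isset($_FILES['f'])) {
    try {
        $stored = store_profile_pic($_FILES['f'], '/var/app-data/profile_pics');
        echo 'stored as ' . htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'upload rejected';
    }
}
```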

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2023-50760

Affected Products

Online Notice Board System