PT-2024-15816 · Unknown · Projectworlds Online Admission System
Keroomi
·
Published
2024-01-22
·
Updated
2024-05-17
·
CVE-2024-0783
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Project Worlds Online Admission System version 1.0
Description
A critical issue affects the processing of the file
documents.php, leading to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Recommendations
For Project Worlds Online Admission System version 1.0, consider disabling the
documents.php file or restricting its access to prevent exploitation until a patch is available. As a temporary workaround, restrict access to the file to minimize the risk of unrestricted upload. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Projectworlds Online Admission System