PT-2024-16526 · Unknown · Codezips Online Institute Management System
Abcdcee123
Published 2024-11-04 · Updated 2024-11-06
CVE-2024-10764
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Codezips Online Institute Management System version 1.0
Description
A critical vulnerability has been found in the Codezips Online Institute Management System. This issue affects an unknown part of the file /pages/save_user.php and allows unrestricted upload via manipulation of the image argument. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used, potentially leading to system compromise.
Recommendations
For Codezips Online Institute Management System version 1.0, patch immediately and validate input to prevent unrestricted upload. As a temporary workaround, consider restricting access to the /pages/save_user.php file until a patch is available. Avoid using the image argument in the affected API endpoint until the issue is resolved.
Exploit
Fix
Improper Access Control
Incorrect Privilege Assignment
Unrestricted File Upload
Related Identifiers
Affected Products
Codezips Online Institute Management System