PT-2024-16685 · Unknown · Codezips Online Institute Management System
Puppy2140 · Published 2024-11-07 · Updated 2024-11-18 · CVE-2024-10993
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Codezips Online Institute Management System version 1.0
Description
A critical issue was found in the system, affecting an unknown function of the file /manage website.php. The manipulation of the website image argument leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Recommendations
For Codezips Online Institute Management System version 1.0, as a temporary workaround, consider restricting access to the /manage website.php file or disabling the upload functionality related to the website image argument until a patch is available. Avoid using the website image argument in the affected file until the issue is resolved.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
Related Identifiers
Affected Products
Codezips Online Institute Management System