PT-2024-24151 · Code Projects · Code-Projects Simple School Management System
Published: 2024-04-25 · Updated: 2024-08-15 · CVE-2024-31610
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Code-Projects Simple School Management System version 1.0
Description
A file upload vulnerability in the function employees use to upload avatars allows attackers to run arbitrary code by uploading a crafted file.
Recommendations
For Code-Projects Simple School Management System version 1.0, consider disabling the avatar upload function until a patch is available to prevent exploitation. Restrict access to the vulnerable function to minimize the risk of arbitrary code execution.
Unrestricted File Upload
Affected Products
Code-Projects Simple School Management System