PT-2024-30592 · Sourcecodester · Sourcecodester Pisay Online E-Learning System
Laowang
·
Published
2024-04-30
·
Updated
2025-09-26
·
CVE-2024-4349
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
SourceCodester Pisay Online E-Learning System version 1.0
Description
A critical vulnerability has been found in the SourceCodester Pisay Online E-Learning System, affecting an unknown functionality of the file /lesson/controller.php. The manipulation of the
file argument leads to unrestricted upload. This issue can be exploited remotely.Recommendations
For SourceCodester Pisay Online E-Learning System version 1.0, consider disabling the upload functionality in the /lesson/controller.php file until a patch is available. Restrict access to this file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sourcecodester Pisay Online E-Learning System