PT-2025-17959 · Serosoft · Serosoft Academia Student Information System
Published: 2025-04-26 · Updated: 2026-01-29 · CVE-2024-53636
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Serosoft Academia Student Information System (SIS) EagleR version 1.0.118
Description
An arbitrary file upload vulnerability via writefile.php allows attackers to execute arbitrary code via ../ in the filePath parameter. This issue enables attackers to upload files to arbitrary locations on the server, potentially leading to code execution.
Recommendations
For Serosoft Academia Student Information System (SIS) EagleR version 1.0.118, consider disabling the writefile.php functionality until a patch is available to prevent exploitation. Restrict access to the filePath parameter in the affected API endpoint to minimize the risk of arbitrary file uploads.
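
One way to restrict the filePath value, shown as an added example that is not Serosoft's code or part of this advisory: a Python check, suitable for a request-filtering layer or log review, that decodes the value and rejects anything resolving outside an allowed base directory. The base directory, the function names and the sample values are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumption: writes are only legitimate beneath this directory (hypothetical path).
BASE_DIR = "/srv/app/uploads"

def decode_fully(value, max_rounds=5):
    """Undo layered URL-encoding (%2e%2e%2f, %252e...) so dots and slashes are visible."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")

def resolve_file_path(file_path, base_dir=BASE_DIR):
    """Return the normalized target for a filePath value, or raise ValueError
    when it would land outside base_dir."""
    value = decode_fully(file_path)
    if "\x00" in value:
        raise ValueError("NUL byte in filePath")
    value = value.replace("\\", "/")  # treat backslashes as separators too
    # An absolute value would make join() discard base_dir, so reject it outright.
    if value.startswith("/") or value[1:2] == ":":
        raise ValueError("absolute filePath")
    base = posixpath.normpath(base_dir)
    target = posixpath.normpath(posixpath.join(base, value))
    # The trailing "/" stops a sibling such as /srv/app/uploads-old from passing.
    if not target.startswith(base + "/"):
        raise ValueError("filePath escapes base directory")
    return target

def is_allowed(file_path):
    try:
        resolve_file_path(file_path)
        return True
    except ValueError:
        return False

# Constructed sample values, not taken from the advisory or from real traffic.
SAMPLES = ["reports/term1.csv", "reports/../term1.csv", "../outside.txt",
           "reports/../../outside.txt", "%2e%2e%2foutside.txt",
           "%252e%252e%252foutside.txt", "..\\outside.txt", "/etc/outside.txt"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:34} -> {'allow' if is_allowed(sample) else 'reject'}")
```

The check is lexical, so it does not account for symlinks inside the base directory; a server-side fix should also compare the resolved real path of the target before writing.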
Affected Products
Serosoft Academia Student Information System