code-projects Agro-School Management System Attachment Image btn_functions.php unrestricted upload
CVE-2023-3061

9.8CRITICAL

Key Information:

Vendor: code-projects
Status: Agro-School Management System
Vendor: CVE Published:; 2 June 2023

Summary

A vulnerability has been identified in the Agro-School Management System 1.0, residing in the file btn_functions.php of the Attachment Image Handler component. This security issue allows attackers to perform unrestricted file uploads, enabling remote execution of malicious payloads. The flaw can be exploited remotely, posing a significant security risk to systems utilizing this software. Mitigating this vulnerability is essential to protect against potential data breaches and unauthorized access.

Affected Version(s)

Agro-School Management System 1.0

References

https://vuldb.com/?id.230567

vdb-entrytechnical-description

https://vuldb.com/?ctiid.230567

signaturepermissions-required

https://github.com/hotencode/CveHub/blob/main/Agro-School...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2023
Vulnerability Reserved
Jun 2, 2023

Credit

ZhangWang (VulDB User)