Student Information System v1.0 - Insecure File Upload
CVE-2023-4122

9.9CRITICAL

Key Information:

Vendor: Kashipara Group
Status: Student Information System
Vendor: CVE Published:; 7 December 2023

What is CVE-2023-4122?

The Student Information System v1.0 by Kashipara is susceptible to an Insecure File Upload vulnerability, particularly found in the 'photo' parameter on the my-profile page. This flaw permits authenticated attackers to upload malicious files, leading to potential Remote Code Execution on the server. If exploited, this vulnerability could allow an attacker to take control of the application and compromise the underlying server, raising significant security concerns.

Affected Version(s)

Student Information System 1.0

References

https://fluidattacks.com/advisories/rubinstein/

third-party-advisory

https://www.kashipara.com/

product

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 7, 2023
Vulnerability Reserved
Aug 2, 2023

Kashipara Group

What is CVE-2023-4122?

Affected Version(s)

References

CVSS V3.1

Timeline