Unrestricted File Upload Vulnerability in ZeroWdd Studentmanager Software
CVE-2024-13133
5.3 MEDIUM
What is CVE-2024-13133?
A security vulnerability exists in the ZeroWdd Studentmanager software, specifically within the addStudent/editStudent functions in the StudentController.java file. The issue stems from the manipulation of the 'file' argument, leading to unrestricted file uploads, which could be exploited by attackers to execute arbitrary code or upload malicious files. This vulnerability allows for remote attacks, heightening the risk for organizations using this software. Public disclosure of the exploit amplifies the urgency for users to secure their installations and apply appropriate mitigations.
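One way to restrict what a 'file' argument like the one described above may contain, shown as an added example that is not code from the Studentmanager project. The class name UploadGuard, the store method, the size limit and the assumption that only PNG and JPEG images are legitimate uploads are all hypothetical, since the page does not state the intended file type.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;

// Added example: server-side checks for an uploaded 'file' part (hypothetical names).
// Assumption: only PNG and JPEG images are legitimate uploads.
public final class UploadGuard {
    private static final int MAX_BYTES = 2 * 1024 * 1024; // assumed size limit
    // Allowed extension -> leading signature bytes of that format.
    private static final Map<String, byte[]> MAGIC = Map.of(
        "png", new byte[] {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A},
        "jpg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF});

    /** Validates the upload and writes it under a server-chosen name. */
    public static Path store(String clientName, InputStream body, Path uploadDir)
            throws IOException {
        // Only the text after the last dot is read from the client-supplied name.
        int dot = clientName == null ? -1 : clientName.lastIndexOf('.');
        String ext = dot < 0 ? "" : clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (ext.equals("jpeg")) ext = "jpg";
        byte[] magic = MAGIC.get(ext);
        if (magic == null) throw new IOException("extension not allowed");
        // Read at most MAX_BYTES + 1 so an oversized body is rejected, not buffered.
        byte[] data = body.readNBytes(MAX_BYTES + 1);
        if (data.length > MAX_BYTES) throw new IOException("file too large");
        // The content must start with the signature of the claimed format.
        if (data.length < magic.length
                || !Arrays.equals(Arrays.copyOf(data, magic.length), magic))
            throw new IOException("content does not match extension");
        // Random name plus allow-listed extension: no client characters reach the path.
        // uploadDir should sit outside any directory the server executes or serves.
        Path target = uploadDir.resolve(UUID.randomUUID() + "." + ext);
        Files.write(target, data);
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("uploads"); // constructed sample inputs
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A, 0};
        System.out.println("stored: " + store("photo.png", new ByteArrayInputStream(png), dir));
        try {
            store("page.jsp", new ByteArrayInputStream("text".getBytes()), dir);
        } catch (IOException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```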
Affected Version(s)
studentmanager 1.0