Unrestricted File Upload Vulnerability Discovered in SourceCodester Online Student Management System
CVE-2024-6801

9.8CRITICAL

Key Information:

Vendor: SourceCodester
Status: Online Student Management System
Vendor: CVE Published:; 17 July 2024

Summary

A vulnerability has been identified in the SourceCodester Online Student Management System version 1.0, specifically related to the file handling in /add-students.php. This issue pertains to the unrestricted upload of files, where manipulation of the 'image' argument can result in unauthorized file uploads. Attackers can exploit this flaw remotely, potentially compromising the security of the system. The public disclosure of this exploit has raised concerns about the potential for misuse. Organizations utilizing this software should assess their exposure and consider implementing remediation strategies to mitigate the risk associated with this vulnerability.

References

https://vuldb.com/?id.271703

https://vuldb.com/?ctiid.271703

https://vuldb.com/?submit.374774

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 17, 2024