Unrestricted File Upload Vulnerability Discovered in SourceCodester Online Student Management System
CVE-2024-6801
9.8CRITICAL
What is CVE-2024-6801?
A vulnerability has been identified in the SourceCodester Online Student Management System version 1.0, specifically related to the file handling in /add-students.php. This issue pertains to the unrestricted upload of files, where manipulation of the 'image' argument can result in unauthorized file uploads. Attackers can exploit this flaw remotely, potentially compromising the security of the system. The public disclosure of this exploit has raised concerns about the potential for misuse. Organizations utilizing this software should assess their exposure and consider implementing remediation strategies to mitigate the risk associated with this vulnerability.