Critical Vulnerability in University Management System 1.0 Could Lead to Unrestricted File Uploads
CVE-2024-6958
8.8HIGH
Key Information
- Vendor
- Itsourcecode
- Status
- University Management System
- Vendor
- CVE Published:
- 21 July 2024
Summary
A vulnerability classified as critical was found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /st_update.php of the component Avatar File Handler. The manipulation of the argument personal_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272080.
Affected Version(s)
University Management System = 1.0
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Risk change from: null to: 6.3 - (MEDIUM)
Vulnerability published.
VulDB entry last update
Vulnerability Reserved.
VulDB entry created
Advisory disclosed
Collectors
NVD DatabaseMitre Database
Credit
Dee.Mirage (VulDB User)