The positive side of College academic management system is a student performance, the course management system, there are many colleges and universities use the academic management systems. Recently the system broke a high-risk vulnerability, an attacker can use this vulnerability to easily get the website webshell permissions. Given below the loopholes in the case and method of repair:
Vulnerability type: upload vulnerability
Vulnerability file:/ftb. imagegallery. aspx
The vulnerability is a file without any access restrictions, visitors can directly access the file, so that by files own upload function, to upload the structure of a good that can be parsed back door file.
Bug fixes: you can set the images directory script parse the permissions to none. Capable can for this file do permission authentication, to prohibit ordinary users to access.
Bug fix: contact the positive side of the company upgrade the site program