Design/Logic Flaw

2021-03-3113:15:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.043 Low

EPSS

Percentile

92.3%

JSON

Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.

CPENameOperatorVersion
simple_collegeeq1.0

CPE	Name	Operator	Version
	simple_college	eq	1.0

References

dl.packetstormsecurity.net/2010-exploits/simplecollegewebsite10-sqlexec.txt

github.com/yunaranyancat/poc-dump/blob/main/simplecollegewebsite/sqli_rce.py

www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysqli-source-code.html

www.sourcecodester.com/sites/default/files/download/oretnom23/simple-college-website.zip