An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing “<?php system($_GET[“cmd”]); ?>” gets uploaded it is saved into /uploads/exam_question/ directory, and is accessible by all users.
CPE | Name | Operator | Version |
---|---|---|---|
free_school_management_software | eq | 1.0 |