3 matches found
Schools Alert Management Script - Arbitrary File Read
Exploit Title: Schools Alert Management Script - Arbitrary File Read Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...
CVE-2018-12054
Summary (CVE-2018-12054): The Schools Alert Management Script is vulnerable to an arbitrary file read via the f parameter in img.php (absolute path traversal). Exploitation PoC shows /img.php?f=/./etc/./passwd, enabling read of sensitive local files. Affected software: PHP Scripts Mall Schools Al...
CVE-2018-12054
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal...