4 matches found
CVE-2024-9659 School Management <= 91.5.0 - Unauthenticated Arbitrary File Upload
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mjsmgtuseravatarimageupload function in all versions up to, and including, 91.5.0. This makes it possible for unauthenticated attackers to upload...
CVE-2024-9659 School Management <= 91.5.0 - Unauthenticated Arbitrary File Upload
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mjsmgtuseravatarimageupload function in all versions up to, and including, 91.5.0. This makes it possible for unauthenticated attackers to upload...
CVE-2024-9659
CVE-2024-9659 affects School Management System for WordPress (WordPress plugin) up to version 91.5.0, where missing file type validation in mj_smgt_user_avatar_image_upload() allows unauthenticated arbitrary file uploads. The impact is described as potentially enabling remote code execution on th...
WordPress School Management Plugin <= 91.5.0 is vulnerable to Arbitrary File Upload
Software School Management Type Plugin Vulnerable versions = 91.5.0 Fixed in 92.0.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9659 Patch priority High CVSS severity High 10 Developer Claim ownership PSID c5a4715332b9 Credits Tonn Required privilege Unauthenticat...