8 matches found
Remote Code Execution (RCE)
ulearnpro/ulearn is vulnerable to Remote Code Execution RCE. The vulnerability exists due to the lack of upload image validation, which allows an attacker to upload and execute malicious code on the system...
CVE-2023-0670
Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image...
Design/Logic Flaw
Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image...
CVE-2023-0670
CVE-2023-0670 affects Ulearn (version a5a7ca20de859051ea0470542844980a66dfc05d). The root cause is failure to validate that uploaded files are actual images, enabling an attacker with administrator permissions to achieve Remote Code Execution (RCE) on the server via the image upload feature. Impa...
Ulearn 代码问题漏洞
UTeM Ulearn is a learning management system organized by UTeM Malaysia. Ulearn suffers from a security vulnerability that stems from the program's failure to verify that an uploaded image is indeed an image. An attacker exploiting this vulnerability could remotely execute code on the server via t...
PT-2023-16441 · Ulearn · Ulearn
Name of the Vulnerable Software and Affected Versions: Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d Description: The issue allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the...
CVE-2023-0670
Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image...
CVE-2023-0670
Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image...