School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/150006/School-Event-Management-System-1.0-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/45723/ | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/150006/School-Event-Management-System-1.0-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/45723/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/150006/School-Event-Management-System-1.0-Shell-Upload.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/45723/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2018-11-16 18:29
Updated : 2024-11-21 03:56
NVD link : CVE-2018-18793
Mitre link : CVE-2018-18793
CVE.ORG link : CVE-2018-18793
JSON object : View
Products Affected
school_event_management_system_project
- school_event_management_system
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type