A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/160508/Alumni-Management-System-1.0-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-12-15 21:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-28072
Mitre link : CVE-2020-28072
CVE.ORG link : CVE-2020-28072
JSON object : View
Products Affected
alumni_management_system_project
- alumni_management_system
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type