An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
The student profile photo upload function does not properly verify the types of uploaded files, allowing an attacker to upload a crafted PHP file instead of an actual image. After uploading the file to the server, the attacker can invoke it through a direct HTTP request, resulting in execution of the code contained in it on the server side. The vulnerability is accessible remotely, without authentication, and without victim interaction.
An attacker can gain full control over the server by executing arbitrary code (RCE), which enables reading and modifying data, privilege escalation, and potential takeover of the entire system.
Patches available from the vendor should be applied in accordance with the references. Additionally, it is recommended to implement validation of uploaded file types (extension whitelist and MIME header verification), store uploaded files outside the webroot directory, and restrict script execution permissions in directories designated for uploads.
Code-Projects Student Enrollment In PHP version 1.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCode Projects Student Enrollment
APPCode-Projects1.0
Related vulnerabilities
SQL injection w funkcji logowania — Code-Projects Student Enrollment PHP v1.0
Arbitrary File Upload umożliwiający RCE w Student Enrollment In PHP
SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the St...
A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This...
Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień