An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
The student profile photo update function does not properly verify the type or content of the uploaded file. An attacker can submit a crafted PHP file instead of an allowed image file. After saving the file on the server, it can be directly invoked through a browser or HTTP request, resulting in the execution of malicious code on the server side.
An attacker can gain full control over the application server, including reading, modifying, or deleting data, as well as executing arbitrary system commands (RCE). It is also possible to compromise the database containing student data and perform further lateral movement in the network.
Apply patches available from the vendor according to the references. Additionally, it is recommended to implement MIME type validation and file extension verification on the server side, store files outside the webroot directory, and disable script execution in the upload directory.
Student Enrollment In PHP v1.0 (Code-Projects)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCode Projects Student Enrollment
APPCode-Projects1.0
Related vulnerabilities
Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP
SQL injection w funkcji logowania — Code-Projects Student Enrollment PHP v1.0
SQL Injection vulnerability in Student Enrollment In PHP 1.0 allows attackers to run arbitrary code via the St...
A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This...
Auth Bypass w Simple Car Rental System — przejęcie sesji wysokich uprawnień