CVE-2021-46013
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "<?php system($_GET["cmd"]); ?>" gets uploaded it is saved into /uploads/exam_question/ directory, and is accessible by all users.
SSVC
- Decision: -
Timeline
- 2022-01-03 CVE Reserved
- 2022-01-18 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-10-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
References (1)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/50587 | 2024-08-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Free School Management Software Project | Free School Management Software | 1.0 | - | Affected |