A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/160508/Alumni-Management-System-1.0-Shell-Upload.html | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-15T20:48:08
Updated: 2020-12-15T20:48:08
Reserved: 2020-11-02T00:00:00
Link: CVE-2020-28072
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-15T21:15:15.217
Modified: 2020-12-17T20:52:41.077
Link: CVE-2020-28072
JSON object: View
Redhat Information
No data.
CWE