College Management System v1.0 - Authenticated remote code execution.
An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload
.php file that contains malicious code via student.php file.
References
Link | Resource |
---|---|
https://www.gov.il/en/Departments/faq/cve_advisories |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: INCD
Published: 2022-11-17T22:27:55.603007Z
Updated: 2023-10-25T13:18:21.458Z
Reserved: 2022-09-02T00:00:00
Link: CVE-2022-39179
JSON object: View
NVD Information
Status : Modified
Published: 2022-11-17T23:15:18.490
Modified: 2023-10-25T18:17:15.373
Link: CVE-2022-39179
JSON object: View
Redhat Information
No data.
CWE