Arbitrary File Upload and Code Injection Vulnerability in Classcms v2.5 and Below

Arbitrary File Upload and Code Injection Vulnerability in Classcms v2.5 and Below

CVE-2022-25581 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.

Learn more about our Cms Pen Testing.