Authenticated Remote Code Execution in College Management System v1.0

CVE-2022-39179 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.