Insecure File Upload Vulnerability in Student Information System v1.0 Allows Remote Code Execution

Insecure File Upload Vulnerability in Student Information System v1.0 Allows Remote Code Execution

CVE-2023-4122 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

Learn more about our Cis Benchmark Audit For Server Software.