Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload

XMAN

Active member
Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload #1
# Exploit Title: Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload
# Google Dork: N/A
# Vendor Homepage: https://www.campcodes.com/projects/p...in-php-mysqli/
# Software Link: https://www.sourcecodester.com/sites...rollment_1.zip
# Version: v1.0
# Tested on: Win 10
# CVE: N/A

# Vulnerability:
Online Student Enrollment System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution
(RCE) on the Hosting Webserver via uploading a maliciously crafted PHP file.

#CSRF PoC:












Quote:Original Link to the Exploit!
https://www.exploit-db.com/exploits/48610
 
Top