Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload 04-14-2021, 06:11 PM
#1
# Exploit Title: Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload
# Google Dork: N/A
# Vendor Homepage: https://www.campcodes.com/projects/p...in-php-mysqli/
# Software Link: https://www.sourcecodester.com/sites...rollment_1.zip
# Version: v1.0
# Tested on: Win 10
# CVE: N/A
# Vulnerability:
Online Student Enrollment System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution
(RCE) on the Hosting Webserver via uploading a maliciously crafted PHP file.
#CSRF PoC:
# Google Dork: N/A
# Vendor Homepage: https://www.campcodes.com/projects/p...in-php-mysqli/
# Software Link: https://www.sourcecodester.com/sites...rollment_1.zip
# Version: v1.0
# Tested on: Win 10
# CVE: N/A
# Vulnerability:
Online Student Enrollment System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution
(RCE) on the Hosting Webserver via uploading a maliciously crafted PHP file.
#CSRF PoC:
Quote:Original Link to the Exploit!
https://www.exploit-db.com/exploits/48610