N/A

Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/.

N/A

N/A

Envato DigitalVidhya Digi Online Examination System 代码注入漏洞

Envato DigitalVidhya Digi Online Examination System（DOES）是澳大利亚Envato公司的一套在线考试系统。该系统支持免费和付费在线考试、支付模块、随机生成测试题等。 Envato DOES 2.0版本的Photo功能中存在任意文件上传漏洞。远程攻击者可通过上传可执行文件，然后向assets/uploads/images/目录下的该文件发送直接请求利用该漏洞执行任意代码。

N/A

N/A