Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Student Information System v1.0 - Insecure File Upload
Vulnerability Description
Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Student Information System 代码问题漏洞
Vulnerability Description
Student Information System是Carlo Montero个人开发者的一个基于网络的应用平台。可以帮助某所大学或学院管理学生的信息和学业记录。 Student Information System v1.0版本存在代码问题漏洞,该漏洞源于容易受到不安全文件上传漏洞的影响,允许经过身份验证的攻击者在托管应用程序的服务器上远程执行代码。
CVSS Information
N/A
Vulnerability Type
N/A