### Vulnerability Summary **Vulnerability Overview** * **Vulnerability Name:** ProjectsAndPrograms school-management-system 1 File Upload / RCE * **Description:** A authenticated file upload vulnerability exists in the School Management System. Users with **Admin** or **Teacher** roles can upload arbitrary files that are executable on the server, leading to **Remote Code Execution (RCE)**. * **Severity:** 16 points * **Status:** Moderated **Impact Scope** * **Affected Software:** ProjectsAndPrograms School Management System * **Affected Version:** 1 * **Affected Roles:** Admin, Teacher **Remediation & Reference** * **Reference Link:** The screenshot does not provide a direct patch, but includes a research reference: * `https://github.com/ruddo-security/security-research/blob/main/school-management-system/file-upload-rce/PvC.md` * **Vulnerability Details:** `https://vuldb.com/entry/219049` (inferred from VuDB entry link) **POC / Exploit Code** * The screenshot **does not contain** direct POC code or exploit scripts. * The actual proof-of-concept or detailed exploitation steps are likely available in the **Source** link provided (GitHub repository).