CVE-2018-18793
Published 2018-11-16
School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.
Priority P267 · CVSS 3.0 base score 9.8 (critical): AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 9.50% (94.8th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| school_event_management_system_project | school_event_management_system | — | — |
Detection & IOCs (extracted from sources)
- Detect POST requests to the vulnerable endpoint whose multipart/form-data body carries a PHP file disguised with a GIF magic-byte prefix (GIFefe) as the upload payload.
- Alert on GET/POST requests to event/controller.php with the query parameter action=photos, which is the sole upload trigger for this vulnerability.
- Monitor the web-accessible upload directory /event/photo/ for newly created .php (or other server-executable) files; a file appearing there indicates successful webshell placement.
- Flag multipart file uploads whose part Content-Type is application/force-download rather than a legitimate image MIME type; the exploit uses it to bypass server-side type checks. Note that the Content-Type of a multipart part is supplied by the client, so it is an indicator for detection but never a reliable type check on its own.
- Root cause: the application calls getimagesize() on the uploaded file but does not enforce a safe file extension, so a PHP file prefixed with the fake GIF header 'GIFefe' passes validation.
- Scope: the vulnerable software is School Event Management System version 1.0 only; the upload path prefix [PATH] is installation-dependent and must be adjusted for each deployment.
- Test environment: the exploit was tested on a Windows 7 x64 host running Apache/2.4.25 with PHP/5.6.30; behaviour on other OS/PHP version combinations may differ.
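The detection items above can be turned into a concrete check. The Python below is an added example, not code from the School Event Management System project or from the indexed sources: it parses a raw HTTP request, reports which of the listed indicators it matches (the action=photos trigger under any installation prefix, an executable upload extension, a non-image part Content-Type such as application/force-download, and a GIF magic prefix glued onto PHP source), and contrasts a getimagesize()-style magic-only check with an extension-plus-magic allowlist. The host name sems.example, the form field name "photo", the boundary string and the set of server-executable extensions are assumptions, and both requests are constructed for illustration.

```python
"""Detection logic for the CVE-2018-18793 upload indicators listed above.
Added example, not code from the vulnerable application or from the indexed
sources; the HTTP requests it parses are constructed for illustration.
"""
import re
from urllib.parse import parse_qs, urlsplit

VULN_PATH = "/event/controller.php"   # whatever prefix precedes /event/ is deployment-specific
UPLOAD_ACTION = "photos"
# Assumption: extensions a typical Apache/PHP host hands to the PHP engine.
EXECUTABLE_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
IMAGE_MIME = {"image/gif", "image/jpeg", "image/png"}
IMAGE_MAGIC = {                        # magic bytes an upload allowlist would accept
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}

def parse_multipart(body: bytes, boundary: str):
    """Split a multipart/form-data body into (headers, data) parts (minimal parser)."""
    delim = b"--" + boundary.encode()
    parts = []
    for chunk in body.split(delim)[1:]:
        if chunk.startswith(b"--"):    # closing delimiter "--boundary--"
            break
        head, _, data = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        headers = {}
        for line in head.split(b"\r\n"):
            name, _, value = line.decode("latin-1").partition(":")
            headers[name.strip().lower()] = value.strip()
        parts.append((headers, data[:-2] if data.endswith(b"\r\n") else data))
    return parts

def analyze_request(raw: bytes):
    """Return the indicator strings matched in one raw HTTP request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("latin-1").split("\r\n")
    method, target, _ = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = []
    url = urlsplit(target)
    # The sole upload trigger: controller.php?action=photos, under any installation prefix.
    if url.path.endswith(VULN_PATH) and parse_qs(url.query).get("action") == [UPLOAD_ACTION]:
        findings.append("upload trigger: controller.php?action=photos")
    ctype = headers.get("content-type", "")
    boundary = re.search(r'boundary="?([^";]+)"?', ctype)
    if method != "POST" or not ctype.startswith("multipart/form-data") or not boundary:
        return findings
    for part_headers, data in parse_multipart(body, boundary.group(1)):
        filename = re.search(r'filename="([^"]*)"', part_headers.get("content-disposition", ""))
        if not filename:
            continue                   # ordinary form field, not a file part
        name = filename.group(1)
        if "." in name and "." + name.rsplit(".", 1)[1].lower() in EXECUTABLE_EXTS:
            findings.append(f"executable extension in upload: {name}")
        part_type = part_headers.get("content-type", "").lower()
        if part_type and part_type not in IMAGE_MIME:   # client-supplied, used to dodge type checks
            findings.append(f"non-image part Content-Type: {part_type}")
        if data.startswith(b"GIF") and b"<?php" in data:  # fake GIF header glued to PHP source
            findings.append("GIF magic prefix followed by PHP code")
    return findings

def passes_magic_only_check(data: bytes) -> bool:
    """Models the app's getimagesize()-only validation: PHP identifies a GIF by its
    first three bytes 'GIF', so 'GIFefe<?php ...' is accepted as an image."""
    return data[:3] == b"GIF"

def is_allowed_upload(filename: str, data: bytes) -> bool:
    """Hardened check: extension allowlist, and magic bytes that match that extension."""
    ext = "." + filename.rsplit(".", 1)[1].lower() if "." in filename else ""
    magics = IMAGE_MAGIC.get(ext)
    return magics is not None and data.startswith(magics)

def build_request(boundary: str, filename: str, part_type: str, data: bytes) -> bytes:
    """Constructed multipart POST to the vulnerable endpoint; host and field name are assumed."""
    b = boundary.encode()
    return b"".join([
        b"POST /event/controller.php?action=photos HTTP/1.1\r\nHost: sems.example\r\n",
        b"Content-Type: multipart/form-data; boundary=" + b + b"\r\n\r\n",
        b"--" + b + b"\r\n",
        b'Content-Disposition: form-data; name="photo"; filename="' + filename.encode() + b'"\r\n',
        b"Content-Type: " + part_type.encode() + b"\r\n\r\n",
        data + b"\r\n--" + b + b"--\r\n",
    ])

# Constructed samples: the disguised PHP upload described above, and a genuine GIF for comparison.
MALICIOUS_REQUEST = build_request("----ConstructedBoundary1234", "shell.php",
                                  "application/force-download",
                                  b"GIFefe<?php /* placeholder body, not a working shell */ ?>")
BENIGN_REQUEST = build_request("----ConstructedBoundary1234", "party.gif", "image/gif",
                               b"GIF89a\x01\x00\x01\x00" + b"\x00" * 8)

if __name__ == "__main__":
    print(analyze_request(MALICIOUS_REQUEST))
```

For the disguised upload, analyze_request returns all four indicator strings; for the genuine GIF it returns only the action=photos trigger, which is why that item is an alert to correlate rather than a block on its own. The contrast between passes_magic_only_check and is_allowed_upload is the fix the root-cause item implies: check the extension against an allowlist and require magic bytes that agree with it, and in a real handler also store the file under a server-generated name so a client-chosen extension never reaches the web root.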
CVSS provenance
- NVD, CVSS v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- NVD, CVSS v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
No detection rules found.
No writeups or analysis indexed.