CVE-2023-41505

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 59.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Student Enrollment

Timeline

PublishedMar 13

Description

An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDcode-projects/student_enrollment1.0

🔴Vulnerability Details

GHSA

GHSA-jpwr-2mxg-6vpf: An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1↗2024-03-13

▶

CVEList

CVE-2023-41505: An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1↗2024-03-13

▶