CVE-2024-13133Improper Access Control in Studentmanager

CWE-284Improper Access ControlCWE-434Unrestricted File Upload3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 77.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zerowdd Studentmanager
Timeline
PublishedJan 5

Description

A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 1.0. This issue affects the function addStudent/editStudent of the file src/main/Java/com/wdd/studentmanager/controller/StudentController. java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5zerowdd/studentmanager1.0

🔴Vulnerability Details

2
GHSA
GHSA-c37c-p2gq-c2g7: A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 12025-01-05
CVEList
ZeroWdd studentmanager StudentController. java editStudent unrestricted upload2025-01-05
CVE-2024-13133 — Improper Access Control | cvebase