CVE-2024-13134Improper Access Control in Studentmanager

CWE-284Improper Access ControlCWE-434Unrestricted File Upload3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 66.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Zerowdd Studentmanager
Timeline
PublishedJan 5

Description

A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Affected is the function addTeacher/editTeacher of the file src/main/Java/com/wdd/studentmanager/controller/TeacherController. java. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5zerowdd/studentmanager1.0

🔴Vulnerability Details

2
GHSA
GHSA-5pqj-phv8-qxmc: A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 12025-01-05
CVEList
ZeroWdd studentmanager TeacherController. java editTeacher unrestricted upload2025-01-05
CVE-2024-13134 — Improper Access Control | cvebase