CVE-2022-39179

Summary

College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file.

Affected Software

VendorProductVersion RangeStatus
College ManagementCollege Management System v1.0All versions < Upgrade to the latest version.affected

Weaknesses

  • Authenticated remote code execution

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References