Vulnerability Description
Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simple College Project | Simple College | 1.0 |
Related Weaknesses (CWE)
References
- https://dl.packetstormsecurity.net/2010-exploits/simplecollegewebsite10-sqlexec.ExploitThird Party Advisory
- https://github.com/yunaranyancat/poc-dump/blob/main/simplecollegewebsite/sqli_rcExploitThird Party Advisory
- https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysThird Party Advisory
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-colThird Party Advisory
- https://dl.packetstormsecurity.net/2010-exploits/simplecollegewebsite10-sqlexec.ExploitThird Party Advisory
- https://github.com/yunaranyancat/poc-dump/blob/main/simplecollegewebsite/sqli_rcExploitThird Party Advisory
- https://www.sourcecodester.com/php/14548/simple-college-website-using-htmlphpmysThird Party Advisory
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/simple-colThird Party Advisory
FAQ
What is CVE-2020-28173?
CVE-2020-28173 is a vulnerability with a CVSS score of 7.2 (HIGH). Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is...
How severe is CVE-2020-28173?
CVE-2020-28173 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-28173?
Check the references section above for vendor advisories and patch information. Affected products include: Simple College Project Simple College.