CVE-2020-23828

CRITICAL

SourceCodester Online Course Registration v1.0 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-23828. PoCs published by boku.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated remote code execution (RCE) vulnerability in Online Course Registration 1.0 by bypassing authentication via SQL injection and uploading a malicious PHP webshell. The PoC establishes a session, bypasses login, and uploads a shell to achieve command execution.

Description

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.

Exploits (1)

exploitdb WORKING POC
by boku · pythonwebappsphp
https://www.exploit-db.com/exploits/48704

This exploit demonstrates an unauthenticated remote code execution (RCE) vulnerability in Online Course Registration 1.0 by bypassing authentication via SQL injection and uploading a malicious PHP webshell. The PoC establishes a session, bypasses login, and uploads a shell to achieve command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Online Course Registration 1.0
No auth needed
Prerequisites: Network access to the target application · Python environment with required libraries (requests, colorama)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48704

Scores

CVSS v3 9.8
EPSS 0.0411
EPSS Percentile 89.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
online_course_registration_project/online_course_registration 1.0
Published Sep 15, 2020
Tracked Since Feb 18, 2026