CVE-2020-28130

CRITICAL

Online Library Management System 1.0 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image Upload


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-28130. PoCs published by Jyotsna Adhana.

AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in Online Library Management System 1.0, allowing an attacker to upload a malicious PHP shell and execute system commands remotely.

Description

An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).

Exploits (1)

exploitdb · WORKING POC
by Jyotsna Adhana · text · webapps · php
https://www.exploit-db.com/exploits/48928


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Online Library Management System 1.0
Auth required
Prerequisites: Access to the vulnerable admin panel · Ability to upload files
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/48928

Scores

CVSS v3: 9.8
EPSS: 0.0626
EPSS Percentile: 92.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-434
Status: published
Products (1): online_library_management_system_project/online_library_management_system 1.0
Published: Nov 17, 2020
Tracked Since: Feb 18, 2026