CVE-2021-37372

HIGH

Online Student Admission System - Unrestricted File Upload

Title source: rule

Description

Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://www.sourcecodester.com/php/14874/online-student-admission-system.html

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/164625/Online-Student-Admission-System-1.0-SQL-Injection-Shell-Upload.html

Third Party Advisory, VDB Entry x_refsource_misc

https://packetstormsecurity.com/files/164625/Online_Admission_System_CVEs-Gerard-Carbonell.pdf

Scores

CVSS v3 8.8

EPSS 0.0787

EPSS Percentile 92.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

online_student_admission_system_project/online_student_admission_system 1.0

Published Oct 26, 2021

Tracked Since Feb 18, 2026