CVE-2021-45835

CRITICAL

Online Admission System 1.0 - Code Injection

Title source: llm

Description

The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution.

Exploits (1)

exploitdb WORKING POC

by Jeremiasz Pluta · pythonwebappsphp

https://www.exploit-db.com/exploits/50623

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://github.com/rskoolrash/Online-Admission-System

[Issue Tracking, Third Party Advisory] https://github.com/rskoolrash/Online-Admission-System/issues/2

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50623

Scores

CVSS v3 9.8

EPSS 0.2221

EPSS Percentile 95.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

online_admission_system_project/online_admissions_system 1.0

Published Mar 18, 2022

Tracked Since Feb 18, 2026