CVE-2021-45835

CRITICAL

Online Admission System 1.0 - Code Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-45835. PoCs published by Jeremiasz Pluta.

AI-analyzed exploit summary This exploit targets Online Admission System 1.0, leveraging unauthenticated file upload to achieve remote code execution. It uploads a PHP webshell and triggers a reverse shell via netcat.

Description

The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution.

Exploits (1)

exploitdb WORKING POC
by Jeremiasz Pluta · pythonwebappsphp
https://www.exploit-db.com/exploits/50623

This exploit targets Online Admission System 1.0, leveraging unauthenticated file upload to achieve remote code execution. It uploads a PHP webshell and triggers a reverse shell via netcat.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Online Admission System 1.0
No auth needed
Prerequisites: Network access to target · Netcat installed on attacker machine · Target running vulnerable Online Admission System
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/rskoolrash/Online-Admission-System/issues/2
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/50623

Scores

CVSS v3 9.8
EPSS 0.0297
EPSS Percentile 85.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-434
Status published
Products (1)
online_admission_system_project/online_admissions_system 1.0
Published Mar 18, 2022
Tracked Since Feb 18, 2026