CVE-2022-39179

HIGH

College Management System 1.0 - Authenticated Remote Code Execution via .php File Upload

Title source: llm
STIX 2.1

Description

College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file.

References (1)

Core 1

Scores

CVSS v3 7.2
EPSS 0.0104
EPSS Percentile 60.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
college_management_system_project/college_management_system 1.0
Published Nov 17, 2022
Tracked Since Feb 18, 2026