CVE-2023-3061

MEDIUM

Agro-School Management System 1.0 - Unrestricted Upload

Title source: llm

Description

A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567.

References (3)

Core 3

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.230567

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.230567

Exploit, Third Party Advisory related

https://github.com/hotencode/CveHub/blob/main/Agro-School%20Management%20System%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf

View Exploit ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0010

EPSS Percentile 28.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-434

Status published

Products (1)

agro-school_management_system_project/agro-school_management_system 1.0

Published Jun 02, 2023

Tracked Since Feb 18, 2026