CVE-2024-0783

MEDIUM

Project Worlds Online Admission System 1.0 - Unrestricted Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-0783. PoCs published by pwnpwnpur1n.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2024-0783, targeting an authenticated RCE vulnerability in the Online Admission System In PHP 1.0. The exploit uploads a PHP reverse shell via a file upload endpoint and spawns a shell on the target system.

Description

A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699.

Exploits (1)

nomisec WORKING POC 2 stars

by pwnpwnpur1n · poc

https://github.com/pwnpwnpur1n/Online-Admission-System-RCE-PoC

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-0783, targeting an authenticated RCE vulnerability in the Online Admission System In PHP 1.0. The exploit uploads a PHP reverse shell via a file upload endpoint and spawns a shell on the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Online Admission System In PHP 1.0

Auth required

Prerequisites: Valid credentials for the target system · Network access to the vulnerable endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Permissions Required, Third Party Advisory vdb-entry

https://vuldb.com/?id.251699

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.251699

Exploit exploit

https://github.com/keru6k/Online-Admission-System-RCE-PoC

Exploit exploit

https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py

Scores

CVSS v3 6.3

EPSS 0.0125

EPSS Percentile 65.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

online_admission_system_project/online_admission_system 1.0

Published Jan 22, 2024

Tracked Since Feb 18, 2026