CVE-2024-0783

MEDIUM

Project Worlds Online Admission System 1.0 - Unrestricted Upload

Title source: llm

Description

A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699.

Exploits (1)

nomisec WORKING POC 2 stars

by pwnpwnpur1n · poc

https://github.com/pwnpwnpur1n/Online-Admission-System-RCE-PoC

View Code ZIP pw:eip

References (4)

[Permissions Required, Third Party Advisory] https://vuldb.com/?id.251699

[Permissions Required, Third Party Advisory] https://vuldb.com/?ctiid.251699

[Exploit] https://github.com/keru6k/Online-Admission-System-RCE-PoC

[Exploit] https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py

Scores

CVSS v3 6.3

EPSS 0.0297

EPSS Percentile 86.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (1)

online_admission_system_project/online_admission_system 1.0

Published Jan 22, 2024

Tracked Since Feb 18, 2026