CVE-2024-4349

HIGH Year: 2024
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-434
View all →

Vulnerability Description

A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability.

Related Vulnerabilities

CVE-2016-1713

HIGH
CVSS:7.3(High)

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated ...

CWE-4342016

CVE-2017-18435

HIGH
CVSS:7.3(High)

cPanel before 64.0.21 allows demo accounts to execute code via the BoxTrapper API (SEC-238).

CWE-4342017

CVE-2020-25406

HIGH
CVSS:7.3(High)

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files.

CWE-4342020

CVE-2020-6293

HIGH
CVSS:7.3(High)

SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to upload a malicious file and also to access, modify or make unavailable existing files but...

CWE-4342020

CVE-2023-2063

HIGH
CVSS:7.3(High)

Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP modu...

CWE-4342023

CVE-2023-42472

HIGH
CVSS:7.3(High)

Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system ...

CWE-4342023