Skip to main content

Student Information System CVE-2023-4122

HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2023-12-07 help@fluidattacks.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 07, 2023 - 23:15 nvd
HIGH 8.8

DescriptionNVD

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

AnalysisAI

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. Affected products include: Imsurajghosh Student Information System.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2023-5008 CRITICAL POC
9.8 Dec 08

Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter

CVE-2025-25948 CRITICAL POC
9.1 Mar 03

Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Info

CVE-2023-5011 HIGH POC
8.8 Dec 20

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severi

CVE-2023-5010 HIGH POC
8.8 Dec 20

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severi

CVE-2023-5007 HIGH POC
8.8 Dec 20

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severi

CVE-2024-53636 MEDIUM POC
6.4 Apr 26

An arbitrary file upload vulnerability via writefile.php of Serosoft Academia Student Information System (SIS) EagleR-1.

CVE-2020-13278 MEDIUM POC
6.1 Aug 12

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remo

CVE-2022-2797 CRITICAL
9.8 Aug 12

A vulnerability classified as critical was found in SourceCodester Student Information System. Rated critical severity (

CVE-2025-15053 MEDIUM POC
5.5 Dec 24

A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the

CVE-2025-25949 MEDIUM POC
5.4 Mar 03

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS

CVE-2025-15052 LOW POC
2.0 Dec 24

Cross-site scripting (XSS) via unsanitized firstname and lastname parameters in /profile.php of code-projects Student In

CVE-2022-1819 MEDIUM
4.8 May 24

A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Rated medium severity

Share

CVE-2023-4122 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy