Advertisement






Alumni Management System 1.0 Shell Upload

CVE Category Price Severity
CVE-2020-28072 CWE-434 $500 High
Author Risk Exploitation Type Date
Anonymous Critical Remote 2020-12-15
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120111

Below is a copy:

Alumni Management System 1.0 Shell Upload
# Exploit Title: Remote Code Execution on Alumni Management System 
# Date: 23/10/2020
# Exploit Author: Valerio Alessandroni
# Vendor Homepage: https://www.sourcecodester.com
# Software Link: https://www.sourcecodester.com/php/14524/alumni-management-system-using-phpmysql-s ource-code.html
# Version: 1.0
# Tested on: ubuntu 18.04
# CVE : CVE-2020-28072
# Description:



# Reproduction:

- Log in the administration panel, through http://127.0.0.1/admin/index.php?page=gallery, 
- upload a malicious php file using the form in the page.
- Executes command via the uploaded file http://127.0.0.1/admin/assets/uploads/gallery/[ID]_img.php
- The [ID] is a variable progressive number, it can be found in the html source code in the same page

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.