CVE-2022-39179: College Management System v1.0 - Authenticated remote code execution
First published: Thu Nov 17 2022(Updated: )
College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file.
Credit: cna@cyber.gov.il
| Affected Software | Affected Version | How to fix |
|---|---|---|
| College Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-39179?
CVE-2022-39179 is considered a critical vulnerability due to its potential for authenticated remote code execution.
How do I fix CVE-2022-39179?
To mitigate CVE-2022-39179, ensure that input validation is implemented to prevent SQL injection and restrict file uploads to safe types.
Who is affected by CVE-2022-39179?
CVE-2022-39179 affects users of College Management System version 1.0, particularly those with admin access.
What type of attack does CVE-2022-39179 enable?
CVE-2022-39179 enables authenticated remote code execution, allowing attackers to execute arbitrary code on the server.
Can CVE-2022-39179 be exploited without authentication?
Yes, the authentication can be bypassed through an associated SQL injection vulnerability, facilitating exploitation of CVE-2022-39179.
- agent/references
- agent/type
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/weakness
- agent/author
- vendor/college management system project
- canonical/college management system
- version/college management system/1.0