CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-23828

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.023

EPSS Ranking 84.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.exploit-db.com/exploits/48704
https://www.sourcecodester.com/php/14251/online-course-registration.html
https://www.exploit-db.com/exploits/48704
https://www.sourcecodester.com/php/14251/online-course-registration.html

Products affected by CVE-2020-23828

Online Course Registration Project » Online Course Registration » Version: 1.0

cpe:2.3:a:online_course_registration_project:online_course_registration:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-23828

Products

Pricing

Contact Us